Overview

overview

10

Static

static

5

eec2d1187a...18.exe

windows7-x64

10

eec2d1187a...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-12-2024 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eec2d1187a2d73eab000e395271930fe_JaffaCakes118.exe

  • Size

    122KB

  • MD5

    eec2d1187a2d73eab000e395271930fe

  • SHA1

    f04961a96e3141556188783b57c2ba341bbe682f

  • SHA256

    4860291bebf08a55373b310b928e3f6276f30c1ce57d546d2d7cc00fd8d128dd

  • SHA512

    d898c1a5abe1d48708538aeb76276023b59d3e130cce71bbe76b0dfb13a7fa6444d4a8bbd5767d8abcac8fb02e6070351820bf80d7486394e1b10e37241345a1

  • SSDEEP

    3072:wwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8KCjLL094H3S:wMzzILGFkzhr0pGj9oTjM2H3

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eec2d1187a2d73eab000e395271930fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eec2d1187a2d73eab000e395271930fe_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:540
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3024
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a90c52fd491b2d3710d5d73ff5facc91

    SHA1

    0cd6d87460105e65e02826ed063002263167dc0b

    SHA256

    5a9fb263100c9abe69b1582a0db2972aefb97c9ad2ee3a31f11a542a7c5b424e

    SHA512

    9a5069aa58dfb231e8c67f35c7cc83fbd5e317304617c37647427791a78b6e67bf3157b29f975da7a73f8262e79383930e3e90ca5f9fbb991a596ed95cfaa1db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2000bd6522c9dd04d3d53b005129387

    SHA1

    a2be5b64fd63a78085b0e112f32f1ed2bfb6396b

    SHA256

    cca0523d0ba9e981198af5f9d05c4198e63e1ca7f13f7968acf9857a130c8a13

    SHA512

    5d79ed30cc32af00e13f390f638e27fcd49f73b2d45c4854cc527bb2c2395bb9146cd0313544dc07da147d3b553ad1082631f6e3288568821ed9ae557569b0e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54f16db0b0cfa5108b463401911f0788

    SHA1

    fbb9f1e2c56ecc7809bd0faaf02f544d31da389d

    SHA256

    ca96fa5a09c28b986f02b43c786b65e572e2177631ed910009b53ce12516a20d

    SHA512

    e55e3f83346c9dae458d4fdf54c4b50459400d902308f064ac56fc5ac10b3d9d3021b1e555fb8b753663bc3843fb1e6e5baa152a8ebe986adf00df73090e5304

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba1bab02ca62051b0230af6fdc143de3

    SHA1

    de7d0fe2b24f90ec4bfeec1ce0d641b61fd978b7

    SHA256

    004d64fa716ba30579674b23dbba76fd403b88fdd5e60b3a3594139266158d2b

    SHA512

    c089a4715931a5c19a13b817f32b0275a8aec84f56f0415ef51fe5e63f7cbe814f6da8ef0d62a22575e96a2c42f99ac9d02c36351fc1fcb6925f987d2cb00cf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b92e0a033d42ec6b8398d83b482164a

    SHA1

    a56534a36ebc16d32ab1d3e83a7289850864258f

    SHA256

    5d66f67ae551b79c40bb5198133db910b391c8f4f3adada6975cc6c56ba95c72

    SHA512

    da76e3f233a9e1de5ed6316c600cd82ae90e804e9d47972763117434af608a9d857dd7a33ea69b9a03bd9a17dea1c8f0386aea6de59af05028579d1d5e040d69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58b48e24cf27eafb968d1b4cbf26a819

    SHA1

    a201771efe545b19468430000de191522f404525

    SHA256

    faa1cfeab064c8e0769ab5697ff58112b2524fee0350ba5883ee6ddbf02d38f5

    SHA512

    6ce54f5371df154a19a6dd28cdfcdfc3722d8478aa8c6e5ec99c66f87026262669b7aaf703121e23fa60aa14967ba8e6dd0ca9fe6b58597ba580d301da0b51e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab37dfe9d1f905cf90592bb3fe9e172a

    SHA1

    318fc499f832586befb0806bf37bafe828936232

    SHA256

    bbfdeb0d4c100661e2147ba6f7fc4de7204b16bdda901d5b2e4a776343602724

    SHA512

    bd030274808b5632e299307aa3bd3a77a0f72f878c024ba738f472e1de2581c1a333ffe8ac966e4d04861d3aa3cdc3f92e0269ef6f89455c98c2ca45729f8313

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    226b2d8d4bd55c279717592b9a906886

    SHA1

    cf26d5e2bef6ccd89614848ba0550c803010be13

    SHA256

    2fe3eae333825fcdc90d6954319a87d5fa1041992953aeab8c83470c3e938a41

    SHA512

    1d4ec09df89090f8c6cd1505e86aed35ec2b90e52198e4a9fe369993282fd11370a33d5e56d68fc95f79d8335ad7ef276e482eb5601543219a74a92f39ed8dd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b1ac7150997673a61bfde58f32f4039

    SHA1

    548ae82342885ae74bac621c4b3e39344f9a286d

    SHA256

    c4f442eb92067403c83057b320ee0ee1e032fb6ab2d6a6bbdd4d20aeabda1ec7

    SHA512

    6625c4a2627366d573d9723dcbffb34e16e2ef2efae3510e60b06940544839587c2d6626e47d884001898b7d0a365b5f5c2b0feae36ebdd70b3e76217426ec4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ada169d1d3e4ff716bbf454929cbb935

    SHA1

    6a202afbc6b89f05cc48fceb537661b997389cc1

    SHA256

    67ce51e726fd9cc55413c073e48eff6e5180adb074e4d7e247db010922f6f005

    SHA512

    5255af29116390eeeab2f26e0341359c587bbe931d9bf84bf90efc21445a8a55ac1642dfad71306f5caeb7e0db0ee1b806cc1482dca8769afee57c93b37f9ca7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6de2d9966a364d665f4311be308d6ede

    SHA1

    1bda806ac567bebea67f4b38333b668f34896214

    SHA256

    ddbb32098da76e0676fa230a3cbb01e055735d112e2b7ed0447a798e13b251ba

    SHA512

    275915690eba728743b789b7a84044628474caeb29cb450ed366ac435e74708eec394381ca3540fb8e8b6567b0b3981aded07d03f5a5a42cc6587543e83671ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0f6c499ed16bdf6f4aa318b618aab4e

    SHA1

    d2e9b81da924161934aa597bbab05aedda9c7b6a

    SHA256

    b09f48e8fb97ae8c20c652cdd97011f2e9e0a5b482c20a800cab9521968f28e9

    SHA512

    3217ea16ebe50da17a9a339323a1e71a3f81aafda7ea2bac00d32334b27adab5bbdb2eb59de48646a4f17433962d100bc34ec950ec80904491cf8bc770fef258

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c7c822e8212b100a03a17e1aabb7b1f

    SHA1

    af2338a9e71feea87d2bde706f2d2e37f4471513

    SHA256

    5791d9014511f4d19b33d535d082eb2db7a52e533983ffc6adee86d7ae139f89

    SHA512

    399ea61010c5b65ad1f5595953810411bc1d04ddc5e3f4605db472505029a80d30bfa9b25e8caedd5330d3aa2dbc4be08a6e0a6a9d5b7c9e87c41fdd8006c316

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3dd9c262694fb366f319c40ccfe5cac6

    SHA1

    0eda692a9b8070f91f51d0cbbf4b4e5d3fba01b8

    SHA256

    91158692c424e309ba7a14bf3ab67f0eea13bf69d53833a5bc714a58ad6abef0

    SHA512

    0ff2358cf5f52de1896c723d8571adc10126e684f182aec1ecc32fe40cdac02d500a03b04e69d75f664a0dc47b35543f77918fd677af37813151947d86caea67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9a50f317eeb9d467df136286c06dc64

    SHA1

    8d527cad2dc5ee87e56ecacb8d31e409cdc87d16

    SHA256

    8f9fb6921c2f4171ad9cd375c75ea9b29e5dbbdf6a4d5a29ff678c1e30234a89

    SHA512

    eec4aa116d6f5a2cc308a220ccf3175160c32e4d221f2068a477edf7d78308d483f143bd2b04c5b0ecbad264547b18cc118cc9da2be086d3e27448bbffe12d1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63ceb5785822943e7c21bce741fe9572

    SHA1

    de9ab12e4bd8cf68ea8a925552790bca6cd9d385

    SHA256

    9393784959ec01b1a62886fba95af6dfdb3acbce49fde10a2985fafde135d76d

    SHA512

    f0269e5a9564ac8ea54e58fd0087eaea338c34549275693eeae6bcf2002548b3c00cb93e8af99853c232654ea10f9fba0f97cd13a32d860df6a17be71d7d8514

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc6ef5a4f1ff60f8451dcbe45d6df60c

    SHA1

    456805d7128115c3cee1650246233aa20c3a3277

    SHA256

    a4d4b2304a0f7509e34d6d98aff32d5c980102c88e948f89ad3469264ad2045b

    SHA512

    034cac9ddefcbf84eeff4dc6df03001f84a81cf9c91149825f6eacf7ab3e6bd4cda96fa208ecd1853067d2bd7335a1c8296837197a4d43d46ab37488760ef8e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe995f104d20efc93773c3fac2dc91dc

    SHA1

    358b9a074b8ba8a0579423e9a195a8e0d1b380ec

    SHA256

    476dcb615e20850dfe7acafdc5e9af0619ea28099b3d0d6eb25c22af35a09ced

    SHA512

    c71b4c28bd2a82c578f62f28f417616f9441c7691365fef5684158904169f383ded7cd52d8645cb5c91ba0a1e88056cf8aa4c30363b97ab51064aad4f591b370

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ce9944282acd6d16bc2a668ab72bd61

    SHA1

    5653a05c9c76f02e8ce79f09c7ca4d7af1970e0d

    SHA256

    b4ea5105c5780bba8531de982b06470e4e0e69a4776dc52beace36f2c10ef74a

    SHA512

    70440aaff35f244c3fe754c27af0cb29369761aa071e2e274e7e2dd2baf2d7d2ac7343c953a94485c41f1972436d7d95b0b45162da1e533b097ec4fd586bce23

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4CD83E1-BA16-11EF-A045-62CAC36041A9}.dat
    Filesize

    5KB

    MD5

    85cc318ff1eeecae10902eacfa72c86f

    SHA1

    1eb7c8df400f59f1c637d83e4e0e30c07bed9281

    SHA256

    d9bcfad0756e44cd9485bce0d00492e8efb5883cdb65889b832a8bc00cc7f017

    SHA512

    f58c049867ead4833634ee85e7236402555da252b6842c22c4ae7864ec0aafb2f7efebc25311ca281dd87ea2cc9bb7c7f60036c1b9c35fc9a8b181a372c93c2f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4CE6E41-BA16-11EF-A045-62CAC36041A9}.dat
    Filesize

    4KB

    MD5

    7e37565ab3225a99ec9d24077946e6fd

    SHA1

    7c8b4f0a22915f3567960409520b65d20fbba956

    SHA256

    2898a9610ea6f57808f1bb682791b1bee5709a1ccb9f6eec20b24b34828b7e65

    SHA512

    3245fcde1d6847ff5266a892405cf1d30226a6a72b986ee33efce9819553a0f08f12aa5d6b68203225f8c0203ea972a6e8081ec4735fcd730e3fa9efe59a89db

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF5C7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF637.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/540-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/540-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/540-3-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/540-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/540-5-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/540-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download