Overview

overview

10

Static

static

5

eecefe2e2f...18.exe

windows7-x64

10

eecefe2e2f...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    14-12-2024 12:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eecefe2e2f0f0c84500eea02c66cf042_JaffaCakes118.exe

  • Size

    161KB

  • MD5

    eecefe2e2f0f0c84500eea02c66cf042

  • SHA1

    1536328a2b60a3dc9de45c72df1a19e50f31304e

  • SHA256

    d6a3dedc00e8bf104918a6b982306ac0366b7206a5b9e79ed1e3c9bfa72e29a7

  • SHA512

    ebcd9230414402ab80c57f90ca90d6f040e318b01599a74a46168087df4af699f00340b1ead8491f4bd3350ac6938c006fd77b48a7ed5b86c9f1e2ea9e03051c

  • SSDEEP

    1536:LOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:LwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eecefe2e2f0f0c84500eea02c66cf042_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eecefe2e2f0f0c84500eea02c66cf042_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2836
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1904
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1904 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f014b31d15288c372682b7d0ac6c685e

    SHA1

    cec25412cf9462000b66031c5e2ee03044440793

    SHA256

    024e791ac2bbef104f2472e3c6fffc83c6e598072a4b1af056fd732c85678574

    SHA512

    b075ac8c62d770130fe0d33b37ea8669d7f2ba2b39c93a30f25816cceb84baa7258f2e5d2afb55c36198319b92679b9fb98b399b107532580b843b072a0f36f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6258a0a6d515e6b13b9442d1f4499c90

    SHA1

    a3c87bdc27732be0f3c44e9655ba062ad2ab1888

    SHA256

    6b0efdbddd59a6fbf4aa6b1adc65783fc32e9de78a69cbebe41d08dbaa4fa68a

    SHA512

    62ece84d122279b027ff38d871578bb14c0ca76762e70efb3ecfd5c52a3927cf093dd66dcff7ce677d57ccf34f7edacf451fc2e2702f10544f0bd391fad82bc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94ba478fb4050f66fcea3d0ff3818bbe

    SHA1

    9744f86a289be6e59247922a36db46ee6f93b30f

    SHA256

    0dea03883daf31decf7bac4fbd96ae5ae6ec7eb2d7228ef0f51c103d06db08a6

    SHA512

    f12492c3b34f9c423db449744c084aa913987e598cfd2368f8e525fe024b6cb6e9116c36bc2010fd953971604b66b83a6abcb3e3812ef5f8e512fe3656803e51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ea04bea6bee5e67eca4010ea8753a07

    SHA1

    c46e1f26abdee9fb8228c4023c79370459485cc3

    SHA256

    35baadcbeefaaf8d22b7ae52b4f0a8f4f60f1a2a08b5738dc4f3a13f0b95fab6

    SHA512

    892240167b40d8762ce345ade6795182ce47fe146e377d45c739b372e624c5fdc8540d33ee63564ca76d950b40060e1c19032467d0767c997f1336bb17b98445

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abe6117836d847278b69dbc889301f29

    SHA1

    ebad46a87a13982c90aeaf1e6bf9b55a44ac72ed

    SHA256

    0a378303300706d85a645b16435e448e0f546db4702b0ca5e5ce5e43fcdf412b

    SHA512

    0c4d421be26cd1f7a24422066f5447359b6afd3635ec991fc209b2ed0452970b6de70b55c366f51aa9d56d576546dcc29d06ec77f803ac5dfd1690f8fad27e16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70ebc8f10a8bdac21702309d3fd13087

    SHA1

    9632a5a330447bbadd31722c9598f02e07944939

    SHA256

    e8ace958eba454eb2b3f6d68e78bf00470010463a494d820484af1daf73840fe

    SHA512

    93dd92f0c41394efb0014ccea5a9306359c3a9fdb27c90094aaa6e8237f6e65647733f5e0aca396cc4cbe85e70548f7f4ef5f4dc5c39557eaaf3466aa0affeea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7c98c969e7f4d9d58f08dd3277745a5

    SHA1

    3479acb84361a4dec51e42d7ec4e05c1f3469c80

    SHA256

    a9792e87e449a3af9c6ca524bb1c3a55424eed39b39e074fda6075a19f1a53f2

    SHA512

    34872922ad040f23ef426fea12f478a1d3cd70154af2187c68901f2d2e3c2d9b01638e6674e0a1d49a9a2ae416d7ed1022015d551013e3e817a63e4c8fe6ba41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    131c7c2b09ef687e1fc3c8e6a7610b2e

    SHA1

    3133cdf118f8e2e10436670593b6df3662fa59fb

    SHA256

    7686d99899ce492de8df12af96e224a507883b27e1fa6cc90fb58531ce601df1

    SHA512

    e9d2e883e5709414c40415ac48b4787cb72f6f804e9b4f2e74916ba50966a239ac736d53f0a81b20f761e540f05ef874ab796ff96c2623ac157fb9a3e974d40f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb617e6b133ff0ea1f4d4b62e0ac0fd3

    SHA1

    b82099b87e52e28dc0ec7abefef8f1df16edc591

    SHA256

    faf2db4dcbd09851557c24c5a8988b0def1da6369413691eec4d58195b1c0c91

    SHA512

    93296f5d2ccc2e5b8d0d18e742f77548965e4795c459c27f3eb5648d8783bbc67e5c85b663d4a98b026b52a3fe35b7f35dcccca23199f2d86c5c917f6332894a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bea0653c82501cecbe7796c12c087e1

    SHA1

    43e19af17eb8b1cbec4dffcc136fafd5dbb2bb29

    SHA256

    7f485d6ab397419201d792a2f695593fd306d9e25a36fc504c25a6706d2a4f21

    SHA512

    712b38d0a0caef323382c3c992a7484521f86ee1928abb5bc968b2221cdd411623527b1d0407e89e79986f1fe7248488de3e75f5a5c7bcc51331a14e0489a07d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc60d583484a6974d0d3a19d2541107d

    SHA1

    14fb5565b34f4444c98f9d3086ee9d68f2a4ed1d

    SHA256

    f0e0362fee3f626db3463dcd593fc455fb995f8588c8c2081af630242a08b4ce

    SHA512

    904a697d2982f19c5543414ec506b243b274f7b3df65c95451ba0dadd3e35d42f951f6e0b48997995227f4bb0f737bb630899c31465491e003d75b8606c35549

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56de8bbe5673660d99056494e3cb5f82

    SHA1

    de709dd97459dea32429f4535e3a10a49adf6834

    SHA256

    ee83d8977ac3d4b2410d14d63ece3475f0f6a6f31d37d22841a5b024371c8df3

    SHA512

    a942212f68d0f65409eea29c2e762146c050ed17b78ca6c289d32f27cfa6fd6d8ef675edcd20f2405c6fbe257a8b469490c702131b681ac13f06a2e62a0475d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf0a7778b1486ee203fb9d941f0332fe

    SHA1

    accd59a2723ba45db9d9ab27410bad5ef72294e3

    SHA256

    3679f66b2edd417a0acb98f87c2df96d7150c72590dccfd987d9b6b418cce058

    SHA512

    cfc53156c7733b2644495108c9d98daada72e30349febf900966ff1c3b859e93199adec81c9c6b05124682e9f8d9e505269d83564d9a0896f708cc6c333cae7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64e3aeceab763a7cdd4fbfaf0579471a

    SHA1

    3bdb578d27787d37e5fb0bfd87728db3a011ec16

    SHA256

    ae6e93f5eef71bb9890adbff55d80977fcb99b2bbacfc0e577e69d7703737694

    SHA512

    49181777ca8d2250f80cccc9ff871a4adb710bda57c871bd8488a1b36bb50da94c8e3216b4bc57f780f022a223ddb842252f0c4dc5493bad1db99783d8ffdc00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b535163547b173ff890d7e8e92ac10e

    SHA1

    16c8c0466b31373a2780ac90542b04648baead7a

    SHA256

    753bfc9656bba986d534750f27a60a58efd225fe867caa216a49d3bba6f46c54

    SHA512

    e80f1186dbcf8f4fd9e0cc9808b68298d2208d8f5019ceaee4c41aa10133c0828360361e70d869177c3aad7a1d08867b0d8bd60405404f6ad2d2f8850ec06480

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    993c536450059d533bca637c457a1946

    SHA1

    e71ed9e7822ce05093729c669772b027f027f463

    SHA256

    bf5a2557c756b30b84ea916cd6c0ee738af41c83b0edadfe49f10772e35bd77d

    SHA512

    bfc5a13cfc75a962430905efed6d80de3ba2aa3bec725b7b241022b11aa66d2d53be072384ad986a7f24b0f2faaba63378416428e9ae0f7bc2e99c64733edc46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fad4f2ba208159b1e26c0c8d541071f5

    SHA1

    85c86631189f67972d96fa50ee784e8f40660711

    SHA256

    d1b81573a1e77a88371c759b760ca793c870f9b5deaa0dead7c0906044780698

    SHA512

    2c32c64af8cc750eca5287d6a645bef3fc0cc9a9b3c9ea711f82cc89909d6635332ba9551d3e345d12f5ae5db153182a91607aadd672cb2663c1e17dc75c0561

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92bb3c6c40966412933e00bced394ee8

    SHA1

    12adf2ad2a11506fb4bba7b2720d43393bed594d

    SHA256

    a65753ce785da500705c7fd4e3388b6d00c932a092e36adc8fd5bea6506fd811

    SHA512

    27a22ee2fcc0be230405e27dea6e1b1498f0ac5e56d16486bc4460b8622eb7bbc9ac0aef4673febbf1968afe48875a9042dd034f7bb49a83f83aa3f199c816cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54157fe3c41cc58da9f2c407be111485

    SHA1

    f144a9e2f54eb301603441833b79e4ffa5bf8214

    SHA256

    fead8d29d0b78fcb8e0972640c4c5dfbf33c2a0706e497cc13c36920091790ff

    SHA512

    466717cdd1dbdd8ce04e4145b56ae84fedb0668b369ecbba1fcfe45fd6454146d58d14c9af4373b088e443cc77d447ab6fd3f490ce2ec1247c69d7e92eab809f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A941EC51-BA18-11EF-88C1-C26A93CEF43F}.dat
    Filesize

    5KB

    MD5

    ddbaae8486f586a2cc0644a12ac714e0

    SHA1

    b2c8c3f68da8ffcdea12b697b9cbf3d32ceea3c3

    SHA256

    98b555d7dab9dfdcb072830408f81ed5aea3fabc53a5534a19d53853ca635314

    SHA512

    ed5a73d2bf273083c59f993b11f5141b1e15dfbcbe47749debb9feccf92ea3fd0cde0502c2d43688680e16725ce0fdfee377d366523f9913a8b981d6f5f32eee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A9421361-BA18-11EF-88C1-C26A93CEF43F}.dat
    Filesize

    4KB

    MD5

    4958f62af771dcfcf0318b2a6e34f21e

    SHA1

    f680b71539be6f4c63f0d3768017bf7d54340a2e

    SHA256

    6ee0b082b0e39d03a13e94c7581930ffba8f46d510c0bebc15a8ba568bd7719e

    SHA512

    6539e7291c3aa4aaea9178af165e469493badbb4491947a0d6c37ececf312ca3ddb1e8025b5a7ec7e7bad7e69e61d4335333f418d75e0bb46b3e8e76328bfab2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF04B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF0AC.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2284-2-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2284-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2284-0-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2284-3-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2284-4-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2284-6-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2284-5-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2284-10-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download