Analysis
-
max time kernel
145s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
14-12-2024 17:49
General
-
Target
RippleSpoofer.exe
-
Size
15.6MB
-
MD5
76ed914a265f60ff93751afe02cf35a4
-
SHA1
4f8ea583e5999faaec38be4c66ff4849fcf715c6
-
SHA256
51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
-
SHA512
83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
-
SSDEEP
393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5d54c4fbdb9e8aea195d02d5c541e2518
SHA1a13ec0ce6525fda827cf6a0b110a46fa6d739f98
SHA25626f5303af7be66c918c676f90d5cecbfbe3321a74a501e44fba667994206e202
SHA51259f02d90ae581b5aa37336db2343fbaf159aa8848ee553519062e218bf1166d55828ba097331fbeb0e0b7201298c690a5bd82b6249ebb2424a7f5273921d88e7
-
Filesize
342B
MD5e8a07a08feec0e7d8357bca0c1e4aceb
SHA1efd43805e58189d95fb17226c22c1f1b4ccbecc3
SHA2561a698cdc00330bcf81e73e484130733912b24dd82967e1408f30cc3bd558834e
SHA512bddd7c4564bd686de9421549eb86a6201fa50889c160acbc4eb3ad23ed7aa254f237bcf6cd9becfbd4ed301a381667c83805980e3450a082693d63464af0c66a
-
Filesize
342B
MD544d1a9d18e7bbe19c8f235b162aafc41
SHA108b00a83103102b4cc876c621519a9fd4611c268
SHA256b66e264e5d3bb2974b6611b5cfc579cd050e1a965e35d432cb8290670e50b0f8
SHA5127590de9660b6ed4a9035eabe239eb992ddf7cfb09320ff0b59b8b632378f270bbb3481cabead62002cd4153174015ae4f970b5f742ffb8e8d990db688e167dd2
-
Filesize
342B
MD5e240803fcfa5a9672d55d3f280a8d927
SHA11f621af82c8be177a48e2534bef297a38bcd432a
SHA256d3c0d5f226d995bac9eac0bcfc053f5ef19bef01356ba587ac09147c4c465787
SHA512e5a312e9e14ee86a34305379b96de98d92fe3a777abd47c3bfcd691ac9a0a9c90b03687d251f7f71baf2d6fd583c6fb50528613a577d12005b0169df82c608b2
-
Filesize
342B
MD5d256711f92dd79114fadda6b90743ef3
SHA140a7d3e1bf155a2f01053c4d8137fb8bdc11dd63
SHA256a70838ac64c2a12d1df8320d18bf3319eed04bebcf00caa3e8ac593d1624e3ee
SHA512ca48e9301f5cde53709d0a0857510d240a038923e8bc31ee0efd3c84db10f15fc2fdae6f47e5ac6eb75dfdbc7deb69d9799e59ad36aa409f9bbdba3381894f51
-
Filesize
342B
MD591d91d7df0f9ad3fad02a612a3d926b1
SHA1925b0b8066a7fe20a65851da54e77236789b452b
SHA25662ab9716a35554979d3514aaf977680d1a9716ebdfde55d156d6993e1cdaf9dc
SHA51242b41991a4ba8c9557a8cce184c3d0cb9b04964485cc0d37d5271c2113fe9340f00d6f3b193fe9421bb82d7f65d180c4e6fb56093d8280e1eff49ce3c9680643
-
Filesize
342B
MD5b47123b60d1d8f8056c0a58ce445e267
SHA129d2235f18247e8db67b41a01c19029838b40b8a
SHA256a27d0caae991504cf2c167f693d7162e32ad7982f1c0b679df04bcd6355224e5
SHA51250bb51836d0c6cdaaab0cab24b7371f1bdd6e32cef38f425ea76d3dcfe94a8883d595709c64791c151e17f607010820cc0d1d354d92b1d7dae392c61b9c7e40a
-
Filesize
342B
MD593b90640a2641ac404405cea0ab41647
SHA1af500e01712cdfc826f66e08edb951b5b7ec178b
SHA256e48756fa307bf243347d35028e8a5e9236d615237cff822950b4581ace593237
SHA512af735ea21b661b627960338d68e85c15b5faaef4cd2c802ecdd5aa29c988c4b29ab29231ff02412ad12dedb39242d17bc1becabb23b8129d7efc2ac6fc10cb40
-
Filesize
342B
MD5c5e37afd269d8b74ef49bd2381a62638
SHA10eb26f10e8d80e87d6c57239530e2d43da8a8dc6
SHA2564267c9b9c41595a91c9ddc27ae798986bf415208b10e49daf1fa180d85d7b49e
SHA5129b4d20921a8db2315ada61c8ec0dcc6a8d19d38e42f54401a92b54ab76dec6740de7e9b8dbaaa50a2154c7d5a5f1686a0e3d3d69c14ec125942e3666dd76c9ad
-
Filesize
342B
MD5868eeb3e4fbdf2d20549e2ab805d12ef
SHA104f3884b15f617f3150f160e693cae25db47da09
SHA256d10cda7c2fd5a0357f89dd6f5556fe72319dba82a17df8d4edc05732f2009be9
SHA512c1e85d4ada952c50972c2b78bb9af80848d14c3e4e2805798198d42a198101715a6bc4358ed2e9070bd7827ec1945c3907b901fac77cc4750353d3af9efe30c0
-
Filesize
342B
MD5aeb270d862c4924eff6f17c9eb3bb7c9
SHA1b93d4c96f86d2ea46bde5300aec6646b2531ac4b
SHA25615a2cb19cedbcf14f1b3aa67c2d6b7febadc3d85033651ff97518212a8faa495
SHA51207afa0c6ca5f5d630de269d1d28479f43bb6fc08e8ca22511524665d4bf9e7da01bc5c5293e251dffdc8c3f7169247dc35f882a517f3dd21009bd20e93524bb9
-
Filesize
342B
MD5d9cce15fa5133582f852cdbd35152774
SHA11e26ddfd67a552d38e80b702dc54a558a627de90
SHA256ced2216ee95f76e70c531865fed7c3f13251cea50159b9988c43917dafa1e8a5
SHA512d5c1cc659227bde0144d67dd578046d68034a6b1e6ddcc15202c11e295aed5b40bcf9072270679b6af15efb940dc902779207b1fdc1262628e679d84309a6fcf
-
Filesize
342B
MD58f17c6cda1c956569f72623aa646f975
SHA19e5225fb06945bb3b7a703bddf1551e6301e0c3d
SHA256f2718fc99c7b86940b882427f08022d5c94e60d3d7986a8f74839897bd91c2cc
SHA51210d5819cdea3c7e45abcad9ee525cceb58aac67c6ca8fbcc9c0bdc5d4bdf4f1948aa3c07b78e6227bad84f72cc4365227fe57ce7c48782acb2df8f2eb31de964
-
Filesize
342B
MD53e315845227184abb9cf3a5f6d66436b
SHA13f0dc6af722003f2c9f575a298a1c124dcced896
SHA25652f904b3b8d202c399e6025bb3df8f02802e6eb51705b799cb0dac90ee2f8b88
SHA512d5527ed0dd042f25211aa035eb0cb071878cdd82d497c7badb27530ff2d788215db5aefb15406b060f20f6bc0b97154e7cc5553d88af4b82cc7cd83d66cb26da
-
Filesize
342B
MD5f8dedbb96624cadc3c96c8caaec78bc5
SHA1afa4ee8d9bb82f222793d2642f1f7d961d8304b0
SHA25670a335dc124bc72adcbfa883632aba2ab4d92084258b29a416b33e4fda173140
SHA51212b2c67b956846cd2153f4fd02ca0f6cfe96aee58eb9f258e4e251fa050875f9bef11b1500b3cd118f3bce755f51240ea7792ea0ce9acfc960b379d208de1ff4
-
Filesize
342B
MD528cbcfcacfc4a2c69b34335f99105542
SHA18103d25eb2e92f36a6f722d2b3c95fa6c48eae40
SHA2564d0417ad5b1183b324b13599a19d2cb38ae8942c310d67667aedd900e6602d07
SHA5120a6d0903dfbd3e16383b0907142acb9c5ea2ec6d459f36cf90e6df53ed79e9e67258c571c3e4e02d9f5f6ce62f7c449a87b62916c555b7084c5be7c544759c63
-
Filesize
342B
MD5c7ccab382e747eb5fdf5b770ac767bc3
SHA1a422b049b5c65593470885c1c24e27354e4c3502
SHA2565c16fb766f05b7a8f2c55611e45b050accded3da4cdac0e19440c7ac89a55d20
SHA512d816f6cea8c90365b6b9b792881a0a0d32c6502dc4406bc1ef2d438008eaa7d5f26ada3d7d9de658beff86ae00ff24c7e2d5eba64bd45fd9c6ec275f2d5bc6a2
-
Filesize
342B
MD5173dad35a0b4b9bf5c0362e8eec368f8
SHA17cf7b0c69439471ea8ebd106f50f5969f4d0213d
SHA2566eb33d4720068224c5727ef9a3bff3af39abbbc397e7f233b3024bdf88858a9e
SHA5122fe7c0d5598c6783fd8fd4f0527d2bd91ea5e29426d3b430a58fff8f2839e6ecd0b4c0a571e4b6b1cb10edfb572417a95b2c129fbe5597da9399425cf4fea9a2
-
Filesize
342B
MD53e62319f808542e5a04b39b19e414ed8
SHA155c70ea5ef431ae4c14e156bd73a19f4168b5e56
SHA256f3ee9c2dff3d9fd8320da7a52f058f07231e2096e789bf7a408f2e28aba76fb0
SHA512a9934e81f3e52e4ad8751250fcfbf4e9a3acda7287d1a035c726d3b4941030e0274b8c8cf5ff21176052b0a90226a73560fad44981e23237382038faaa3c0097
-
Filesize
342B
MD561caa07397018f6cd6a777c596b3b8e7
SHA17f5bbb23e19b437eed8f5eae428328ff5d0bd0ef
SHA2567f420de1651e27fa59f9555fe9d988ceb8769dddaf30329d02fd74b10c241fcb
SHA51254ce0d6a5e1f13b9e07298d4091b5a6691071323e328b9f91f4ae1f9a8577ccb3966c84e2bcbc36cd2b6e817369bfc4062c28a385fee32e8159b1bc85767f1fa
-
Filesize
342B
MD5ff88642ad7cce89d646366dbb74e250f
SHA15e7f3b015bf8c9557841df3f076e8c0866c3de10
SHA256d8fb24667d2e0c8f474307513237eb0af4e0e950d4e2029492e52734a775c52b
SHA512909cc305648f32aa9d82efe16053506fb3c27c4fdbc1d16921592692e70442122c31369c03757d2a39cc7733de3768b100ff514c48f33b93f58208fccfd73929
-
Filesize
342B
MD5f6f9621d2cf655849816284f9973c2a9
SHA162594870d5a5e24d9896d6a17dd1d710133394cb
SHA256a75b1835809d2b73bd91e2e655a90d5f183f1911250be4c2ced3cacc6beab263
SHA512f00fb1f5c1141f2084ac25a3e7fc90715c6ff40b8d55982525413f016cdce1ba305eda928ba2cba5c0e5bb63f84189d3054576a7bd486353ddd01db83fabfdb9
-
Filesize
342B
MD5863ec25fe27655cdee2144440b6086f9
SHA12230068568762c927e352f01da221660190ae156
SHA25606fb925c542b2c02f218f819af6bce28f6406e22c05c55c3bfa4991784d897bd
SHA512ce3713a41a3d85d9abfbf37f730f77b8db905b94d6e77a3e33a59c8da7d502fb0944c096f757e43b28b7a36ee78d590e91b4de558ffca29046a8f237faf57c2c
-
Filesize
342B
MD5153912e4e2f99325e204ae4e1fd643ba
SHA16bcb82b64fd9d99b742386f579a23a797a0fc419
SHA256ebde853021b89673c36069dcbbd8c9a4acf224e12e7cc8dd689964fb87927720
SHA512359c64505587c28e76b69b1a5d1b70572fe260c0c1eba300fc9b163db5d5244b8c5533a7f1ce15730cd7764450c2ef988b3be63ef5d5eec82a5839e81bea5108
-
Filesize
242B
MD56378ab0edf209aa706e48b7e53f49b5d
SHA1008809dd15c5df68f46d64fc30664169b361b843
SHA256d55c3d5a17b7eee84a993f0c0c2cdbd00b4459a0cc1c4e91002ca41c87ad1a7d
SHA5120bc63a94cc5ed85dbb548911e84adeb48db2d00ca5cdf5b68d56149d208f2e4abc62b41b4379004b9a524557c0700337e8845f1c025c2cd38fd0c39ca040ff56
-
Filesize
24KB
MD5688daf157c04b9b2af5a090ad7ea8c25
SHA1892acc9cffbf53d9e7228a151c753ad2cfaee23c
SHA256ddb2d24946dfdfd14659f6db96de23c8a49bb1f1b48f9be4c658de6d5fadcc26
SHA51208bba8ff2665481e1182873bbac1ac799b440f6a9b51f3944ffcdc23d60eb9fca2441e98f16e474ed8216f8beca774bf88029d12c2524df2bc1f4dbb30b895ac
-
Filesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
28.5MB
-
Filesize
432KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
712KB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
432KB