Overview

overview

10

Static

static

1

f5d7a79206...8.html

windows7-x64

10

f5d7a79206...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2024 21:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5d7a7920629564ca7e7b5cdd6637950_JaffaCakes118.html

  • Size

    124KB

  • MD5

    f5d7a7920629564ca7e7b5cdd6637950

  • SHA1

    841f261156e2aa6310b44b6958830e1b61568439

  • SHA256

    378ad37d66e546b65d9fc4b0882540d8cc570460ab180cddb5d74af923b19971

  • SHA512

    85071d587080c075b5ff55d113ff65083aa1aa1321516d603b00839edbd470f60e2c96de55622e25cbd8905df8205438c60cd61e4fd1dfbf2ff8730769d745cb

  • SSDEEP

    1536:SOZupRm/JkaNyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SOQbukaNyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f5d7a7920629564ca7e7b5cdd6637950_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2164
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2960
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2280
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275467 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2804

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3dcbd8306b98e80a25ace559cf040de1

      SHA1

      f961cbde90d3a8b6164aed8214f09139d389299c

      SHA256

      a4c5af1d4b50e4cf31a032f0dc7a96425a1f0810134857e011290d2cf842a675

      SHA512

      0ea2aaf51e4f547dfcaa99b16943b3292c03a9cc161ae813e03d35a83e61945157f88e88507be9360161966edbe548b1909e1f07a497b93f33d870ab5164b9c8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4323080bd4b65215e54a45b416e67358

      SHA1

      a5636e7dc1ed47c84e916e1cf1aaf6a31b36b01f

      SHA256

      b0a2305897a618120a65a418c84f6373b6562894a0b7d00c5c862aac8033a84d

      SHA512

      fd3dfcec62c3a2dba05588fd23d92844f952e78854659b3ed3582df3ba9a6642b317e945913b180735435243804df1f5cb1cb93ac48fc68f702ca4b6096a632c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      967409a3641744f6fd98a03cfe32ae31

      SHA1

      c50748bb27d5df29e459900e810c680efaa65f8a

      SHA256

      1a7f4dcd7fce4aecacfb832690735414cc2734abdc3408667c645e3f149ab537

      SHA512

      e0c86e6bcbc57143314e49197954fc6289bfab724502fcbcd5f57364cd808e1fa8ae4100ee41da23234c8e63e3e4aeeee8ea9bcc9372a8ce808f24b128771a3d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c62c26aff921a80669f4c5d300602dae

      SHA1

      ada57921ab1d8ed6970a1a0e55ed6dbbfa284593

      SHA256

      8a47ecfd7f226b232b5a5426039f6e08f41f973b4595061ff5420b1de27573fe

      SHA512

      1b67e28bea589f452ebaa79afbfbf5bfbcecb26a28d452c015b40bc8cafe5ecd641b58f5da1e16ce4a1fccbb13f839e1045c151e0df02ab967417977664c6098

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      50cb587b0ed74d1cd0875109d5ef44fd

      SHA1

      d9e108c082b5feff6fb8599aae72a796aa3415e0

      SHA256

      8d6a0b22da9349b57705f49c1cbcc55c592778d48b78c755d7aa5066e0b73d5b

      SHA512

      ef9662955a1e8547313e572e9e6934b612a08a66b4367d7ebf800649c8879f1b18298192b7dd8865b1180e403a6741bdb20fda5f58b7e239e90e57ab00428928

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6908e5b362cae80c24096f8480e118e8

      SHA1

      b391e35dd535bf137ad60acceadd2c89b3242a72

      SHA256

      4bcce9443fb0e51f6e9192ddbe3d6d750c5c8d985caf5a763163e8aac4cd362b

      SHA512

      251388d40747fc15885be1899eb25000b6e952579c5dbb026fd0db1bbe693085ada6b5d48674de06aa0bb351c22532f0356f04b208029d87b6e3e39663bf1902

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5253bd1a1ec92bac5680255bef6caa42

      SHA1

      335e830ad96ad33009873f9a27ae02936648a3e3

      SHA256

      611d6e6661074ca04bdb298d9425fff3716cfa19f8be934d67595b3a6117c0cf

      SHA512

      f9b358ed31bd87f2027af2c1e485fa89c44495f342ed10388b7fff874178462f5e1b9e67e4032ec5630960a49fa5b687438c1b798d91f50f1a8da2c3ab314ddb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      48ee941955fe84b295bf2161f2c91d38

      SHA1

      4d7e1d2a05581d3929cf3a89b9962349ac11df67

      SHA256

      41bc93f931272281bb9c86e48bcdb9ad576492ec09dee86d4128c2e53cd60f6c

      SHA512

      64ccfc35bb605ae3f5d66475a60a5a2efc1586873970c6b94133a5d95e50e9fa3c30a7dda271fba5e8d497d64423d2db8efa1249dcab0c82350793bf4d2ffdf0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6d2a0e9f9c41c1c82cfc98e59affee82

      SHA1

      5e5a2bf27154064e9320a45950e9f1d941102b28

      SHA256

      3c5c1aed1549b761ea6f78ca77d848ee846f918a9e2e3a6edec9c51bf6f9f452

      SHA512

      a7da81d34b2d508d599b3421316966249d58ba2f2463136ffb83ce5f614151c70674d4b44c23c779e5a9ea730f06d6865738bc65a9406199dad1520668bccfc4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8c03f161e38b5c581416ef0471d2d249

      SHA1

      2d239e521a0013d891cff553bd30a2315acd3007

      SHA256

      7feedfcaab422c0ed4677d09ae63dab7ab020f19533b9705c7bd377a6dd174c8

      SHA512

      e419a7be1ae4a03ad83e176aca16874138e25182e41f0f070ebe48cda6a49134a6bbc5a05173a2fcfa9163439e1215e4094bb4927bfa538d6cd94d67c3a608c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab909E.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar913D.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2784-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2784-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2960-7-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2960-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2960-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download