Overview

overview

10

Static

static

5

f1e6ccd45a...18.exe

windows7-x64

10

f1e6ccd45a...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2024 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1e6ccd45ab54de64dadc9c460400d49_JaffaCakes118.exe

  • Size

    106KB

  • MD5

    f1e6ccd45ab54de64dadc9c460400d49

  • SHA1

    111a1ef2ac316d4ab412020d047748423ae6b878

  • SHA256

    a2e31c12680fba339f989c237dcf22ea343e60ffc72713982dda1be450fc30d2

  • SHA512

    6eb03d43ae0c801a092eb54192ed318d06e1e336372943f49ecacb0db97d77c5e9ba62435dd003d1fb86f52d1e9ca15a67dc43589a6f7d438830f554d3ec2c3b

  • SSDEEP

    1536:3OC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfB5:3wV4OgSzBmh04eZFkz3Rr0gwGj9Tf8C

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1e6ccd45ab54de64dadc9c460400d49_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f1e6ccd45ab54de64dadc9c460400d49_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:340993 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d4443fff1e4b6b8f98869e0cb4497ff

    SHA1

    d5fbf8501ae84eb771c330c3d8b4c30928c42082

    SHA256

    a1af58f393193029f126ac956282f09096f44e920fc557bce64ea7965526e955

    SHA512

    64bf69ae994cc32d21027e6e801033cfbe27373b6a8715328a375cf0324feb6811a3bbb3a3e280d41cf6265f9e53a6f4d0bd1078fc4f33ccdf5bb9e30786f984

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    145ff33db91461369444d5d461a478ce

    SHA1

    fbde8f13b68ae3b11e78e2925048fb4a434d2564

    SHA256

    48b45034d0091c009231eaffcd985ab9b4b267e541e5d5406f1e05bb6258cc8b

    SHA512

    4b5e18483b56ed8770086c825ef3dd555a13c609b83d9e100c9abda731a5f71c94519bef1c23418049bd257537a6a4bbc3a0ed85a70c31fe83343d10837ce62e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    747700dfffb658d3b7b71f5f360f4d23

    SHA1

    79de0cd3d1b773f62ec500dd6716c9d1d0dd81f4

    SHA256

    33b25eca66700b5441ac54c900ccd320a6a2b0819c537dba88ab7c2e8ae7a44b

    SHA512

    57a7b2ce875702fc873b23aa01704645a7d0c93ba22bb0f32ebab1417c5afef1704f4c369a61d423ddb3d138b3375dedcb8c18bc9019b25de9fbe21674a7aa6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7bf8aad96e567b9f71360d05419c6d47

    SHA1

    5f6f8dc79b53f10046b11e8156020f75d7a88728

    SHA256

    c63cfff2acc50d3e7b9dd8004913c3b1c5f58e66a0f9fc8ec5c087bc2db66b1e

    SHA512

    c0633eba0c5c2db5c26ed3fe1a889060184f06e12348def1455f6e4c9a7dca2c38631d9a69efe8297e6c14b68d7ac43ec12a8713e06042052bd4f4bb103b72e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21793226fc84d280a95d65ef81d939f1

    SHA1

    3c9ae2ae6d8248eb69cef0bdb54f5e2f5aa892ed

    SHA256

    e1bcbd3cb99409c56bcf20a42dc79eb9509d89422d663fdcbd048eba50f9e868

    SHA512

    38ca4c687ac2ec6abe7017e6390327ab96b4b88a253afe80f5c652ad0e476e01366a172cd9e5824f93179bc1436b7247f655792992a77a935667187c42db2313

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4cc6dfd2d1f86c9b448793c36d8fd279

    SHA1

    dc4d50cffb6103f4a9eaa02820d8f568e4467db1

    SHA256

    073771ca7191fae141956c610a593fd14356683d0ccaa82f840982a4b44e111b

    SHA512

    1c1325551c1fb0d08a7238212b267bbf91261f3fa594324c736e35667fa1e46e046161f4b9ed68337b234d360fff6640e0bd937f0d958b2c4300383dbc166455

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6d43d7ed432826eb340492ed8d17e67

    SHA1

    91df0b823ead0ab881a90eb172f8c35ff00990f6

    SHA256

    ec8c25a287f71eec3f7ab41c34448cd762e0dbc3a86114f08b42ffc0596643a1

    SHA512

    5ac94bea47f46d00e7768183a6ec99cef1791a58de1795e5065be8c10e378b57522d777d3b095e7e238084f662da79c9512fe63bf4ce06258992d2d0890fa682

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be1daec249e92165fb8e830038e00843

    SHA1

    5e28ce3cce0468d9372840f0bdb20f27bb9ae6ba

    SHA256

    06af15f6437b6e44c665dc31888781faedf19ad976809cef442dca863db807c7

    SHA512

    1f711cfdaac98d7290117b73bbd0a58cf4b861b5c90453abe82a0befe8610dc010a19d5822dc65171a52e7d13692a52fb8a3d3a3128d951b04d10cf9643fb1c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1acef22111a9ef39331f46c6348028b

    SHA1

    7ff22c880e49719bee54f68b8eaeb69aae88d75a

    SHA256

    da12d25f42b29decec6d7e720fd8da86657b36f365cddf66c085a33106dac611

    SHA512

    5382f0b4131958a8afe4693a56176589570f0741879ebcb812356361311b5c2095bd11a79b5820a954b6fbc9f2365ee9ded93252170e75b4099bb74fca879568

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9c1707c9d95142c2a8e392c66319d00

    SHA1

    b39cb83ccaf0ba4764cb8c92068de938dc161de6

    SHA256

    e42d2fa58ba55478223b18cb8cc13a6f8a83419e18cdb46b41618e7449452d32

    SHA512

    35969ffd7ce8783b035adcb96dec402fe2358385b271b80c3bc9b3d5cbd15facfd90e163f0cb77b87a98b799eb251c2730e62d1c89953e9b5e32ab8fb6490cd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbab6c215f89136acd49b42d5334dd6f

    SHA1

    89c48833f8b77ceed89dd3ce00bfaf5c0f13b076

    SHA256

    f1e6b71308c9971d7eefd680def96d45be2adb6c84f45616433e69a9d9ecab6f

    SHA512

    89fab00582fc8ed19dc0a8d5b53e13af19f366656dce57fe1e8e8c8a74a43ef6c3f1050ecc067bd2e7ceaa11851e6d998aa5f2d05a88630be14dfa1cdc65a2ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1515d5060679f24c04489ad82c1e97ef

    SHA1

    3c4665cca5434c9d78d88484af164adcd1d2a2a8

    SHA256

    8e91a3bcc02625705dd080776fe22fa790c6479d3e2a4656eb0253c315eecd79

    SHA512

    8908f961b30e3ba7cc789cae300a523b066bc27812004898560e5d43d51f5926cbe03eb2e11ec846a4d53d6d08ed48ffd4d6911dc1080cc38aec374d5ed7b873

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db991a0a3283905ee9294160963c3943

    SHA1

    bcb08138a3c9baaf74cde0fa1576cc89065ea057

    SHA256

    bdfeea1debd1d79a1b5db6b91e34224d4e270bc24645c3d4145ec563ac4a7888

    SHA512

    463e8adb007cbec8b5a74ce12f080b42737409a0d125ca1657c753c16a0a5efe4115944fff063dbd36872496e4738fce77934238a1bbe33dea1d38f6106074e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6074d4774755e584b4e2beeb5a9a88a

    SHA1

    465a073c9961d0ea0c52a6d9178ed30bda48c93c

    SHA256

    d9663b6f013af0171057ac469e720dadcd41229569b530b3f30241546c07ef63

    SHA512

    e318dd6e7ac45525bf121cc8dba5348ed46434b3e6236897ba792579f463e2265a0297b7ccf3282feff877aa1851175b83115071391be2e7d97bd4caa32fb85e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4117d4050c7075738e726c076d32bc1e

    SHA1

    21a0388c9fd9ee9dc2b7a826f88c4bb62b730f2e

    SHA256

    cfb964df51396629164917bb09a513f57afa279a0a8a930013a6a434027365c4

    SHA512

    c7740d7b91f620b1874f41b2a21b2d19767528a799f50fc8bfde968be807f9672db1298c75b131356e7abc7718ae532f206e96650d2bb0bd11e30df7eb757b64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04a9e9efb2fe89360d6727a743f4eb95

    SHA1

    e48606d033823102cd5a8f6cc7c2e9d346af7036

    SHA256

    64a2f86c8a8fa412127724cdb9cd027e7c6cb16a428fb4761acb2ef0567d0a31

    SHA512

    297132067e88f93a2e9646f84be40308dc2428f17f5f1925b8314f62dd5d16ed433e3799652ea0473656611e4bab7bf8f4ae337c1de9873fd7f1fa1d08f3df78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f61e146cc1b78d4f7b98f9a7a7f345d8

    SHA1

    e0dfce1b673eafa82eb03a14a1a87a1b9f5dc791

    SHA256

    84cb7933bd436eccf98d4f2e3466252927bacf4d78a7d382a0a365e3df2d7deb

    SHA512

    2055a9b697d189d024dc099dd9d9cfb77495ee867cb59fb50f0e5f84ab2dccdab0bb50d0b6d363244c6920ab2a8a69a3bfeb5c6e356a7e6a821bd0ffd3d9712e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6de2742bc4ff08e82e7bdd28a197448

    SHA1

    d85fe91634146dc6e199d46d1aa4a3ec6f6f73f7

    SHA256

    d7e35b8369342a12d8321ed8e64e451866b5655ace3c2b4d5299be0416336e94

    SHA512

    d3c70c97b3fe0411c4af80a67f65ed4ec2df0528f02556fed793861ad7bdc8d177cd6b196a303f11533c2084d63536455f88a4a1159095589f342a90db1fa593

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12488362ba4d45d1a39868f608b0b008

    SHA1

    05174ef1bfa3d773fa95f0e1bebe084fbb3009c5

    SHA256

    d9bdf6f9587f869c2d84a400c5e674a0ba5cc253f1aafe34e5a153ae7a61bf61

    SHA512

    ad1a220df9b5cb752f71d51d33d5bbbace95ad5a2adf941bace35cd98b74cc22c98776c9a32980e22fafa41da500838a7cabc6b5b88b451831bbfd374fcf631a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69fd1aa86fb0f97006066cbb0f68e29f

    SHA1

    8ae4ee740554f4e9ed1c951f34685d541549ead2

    SHA256

    e226b269a07854a5824b4c4d9ce1836bc5dc8d2b04c7ea5dbee1f2a2f52a07fa

    SHA512

    346e5e17bc8df56b3bfa21e1c02fe156795a4a2c036354822e5cbfec912fa265b9f97283d21c720f72c7d74ca23c0e52897be61eec47709c8c5da6265ee90327

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc46712c583f30922f4e783df4e410b8

    SHA1

    ed290ec64b4683b983713c22aad538607dfab71b

    SHA256

    9bb86ce010936eb8b5585c534ccb3de299854d4f3a86cabdbb7761a44948a195

    SHA512

    7ef5061260f53163b6fa211d5f24a27e8951c6d257c57319a347ab346d3add30e0a2b368c48804b975262bff5b326d8f86204b92b2da7cf088b2cbc3aef82de2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{90C2DF21-BA8D-11EF-BB15-5A85C185DB3E}.dat
    Filesize

    5KB

    MD5

    8a1bc4ae7e422c6e777574d16ce4391e

    SHA1

    4b1d8f82584655a1387a4822577945d8c7e0ebbe

    SHA256

    ebd3599588ce7398cb86b68e889a9308937fb7b93c1a3c8de95dd92e9c0edea6

    SHA512

    18b5d3b55092ef90c88136106105e4d16e60bc5da2260fb6e15920eb74aa7a195613bd7470b0e5c9e2a282171344dbcc454ca960e55e658d6530e631b4a2d04d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab69ED.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6A6D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2708-2-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2708-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-0-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2708-4-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2708-6-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2708-5-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-8-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download