Overview

overview

10

Static

static

1

f453e6b746...8.html

windows7-x64

10

f453e6b746...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2024 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f453e6b7464a81480dd4fd47ffe6b661_JaffaCakes118.html

  • Size

    158KB

  • MD5

    f453e6b7464a81480dd4fd47ffe6b661

  • SHA1

    8d7a708ffd7c4aae5051fe084bed645c2dec9446

  • SHA256

    48750ab89a8e4f947b560940d555186a1827983d1eefaadb1c9279baf691c21f

  • SHA512

    f264be5b803e08f64b1b278bc3b2cb83545e321f1c7950c92d7c6fa605f212b05c881afd2686ffa203931b8c47015a3aa691124686569441f828893fe281bdde

  • SSDEEP

    3072:i9pd1sUEcMyfkMY+BES09JXAnyrZalI+YQ:iR1szcxsMYod+X3oI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f453e6b7464a81480dd4fd47ffe6b661_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2152
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2164
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1508
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:472080 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2376

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4c198764a495229aea25bbb8ea48ca0b

      SHA1

      790d8b29a1bc0b6241991937b5990e9f2d87f2b8

      SHA256

      d4d00c5207fad2eb5604f8db67842008a6f121e305f261e4b36ed8cce8f9a69e

      SHA512

      11bffdd79a88c49003365d2969ab8456752459446e94272cce551dbe0091792775c676a35b0542f7e9d0a8694313d4613b6b4546d0d4a28059090ddb7c6484b8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      32b571e721222e6a2f960b4ed0a8ceaf

      SHA1

      bf75ef1ceda7c6beb6d7528e91da259e0861e155

      SHA256

      49c5121d75d4daf32606a6094b18c695f0cf44b1d0cffa251399057669a5b844

      SHA512

      4e8e2a02296599301b98a6f4cc6cc01b2b99778fb682d69a31586c0dbd5b1498bf138fc236ed9ab9286558aedcd6b1549535f1a06f546bb9201a1392489ad1c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fa57f0ba8c6a3a4cd6b3116c5866f5c6

      SHA1

      ac55ddfcca9c6e81ed3e89e27c9005d363940109

      SHA256

      4d495ffb86a597e88b8e1465e351bb4aa41b78de138b5d1d51d58160997f9c9b

      SHA512

      b3cd9047314f7ae34143a477bb74e67f45aa264d69c2511875905b8530f2bbe0dd1a390a5216bd83878f2094502dc9ecdf99a8862193a5c12806303898f31650

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a552bf59d43e251be1c36299acc5e9ff

      SHA1

      b8ae4cf6ac1d20dbffa678c0e67db9f60389612d

      SHA256

      323fa92f842451bda92cb610fe5be7e787ee938eef4baf74027156a79aced604

      SHA512

      9d5c31f9c103c07b9f84f170b71f4e0bb8cbdad0473573564897a8f1c2beb45272e32b47b5fe570a354ad84f6290c48c2e2f5084147ea4e30c68b00289c08cf8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e7095b1116a8207889c2722b5bd00eee

      SHA1

      b8eea6fe1fd1c7bf9558007004271f6918591272

      SHA256

      5124a3cc8942bc8838e7807e4706ac58792e3bd0986c8ce4618d130c0a589740

      SHA512

      39063c825e5845a7490ff5fc7ea90f8fda3de6d11039b75864c015ce25be709c2648c8ea740e005ecaf00ecd24914b455199933cc8aa3f2c8c58be0f250e437d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a274a515e13c6f620c7c449254265af

      SHA1

      7207df8764e23217876a57fa6a7f4f9311d947e4

      SHA256

      daedbe058298c9b1a0fc7f5d034a07f305bbabff4892951856560fce0f2c8644

      SHA512

      c707befe0d8ad6d035b3c75896f6aff9f9747e6168240081e6172c9a3a78212a4a4bfaeef48cf0170f7b23eb91e9180debbc2b30bec1810fb9ed98a512f2eb70

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d709491546faa3da924f8d391b7120e

      SHA1

      a9693849547fd359638beb1e57dd7c53ee9c1155

      SHA256

      bc63ccc6360e38e7045e457f917651c4fcec16096574f2c6b01fdfbc1543a9a4

      SHA512

      a1210c751da278d31f7604527adb4267a84d180f39134ba8aeb489a1615337ca0e41b500c5283d952e60c5290cd09cdaadd72fbcfd6669bede6442aa8e3c29f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d091c3803c8de83a201382e379606de4

      SHA1

      f9bd333e636a6e02bc5081c696fb3627b4ce10f1

      SHA256

      d344b47c422945b847e869e02770c25c0ff21763d473e84ac6e9a522f05bd67d

      SHA512

      8ecffd8e0d10efa32d881b2579280be4caadb0ba6ac981ee9e1251ce848d2075c29857ef2643eeb8bade52254ee2fc6844e56635cc85c2a15b4d7951efb73905

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      429af6722738552f2a5fa8ee62929d2c

      SHA1

      ded93363a30fcbce7bde7c30de472ff16fd6599b

      SHA256

      39842f36a372e56f674ef6b8c8285f1218387abf0ae59b174cb9d35304638874

      SHA512

      97b9e81b118406e397859626fc2df102d4235ebc20a120c84fa78914761b2c3674f679caeb253d773ed79941719ddac9aa7def222a852abb28ad5d05c46d565d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b98bb71dea3e06e337bd3fe9ca8cfac8

      SHA1

      44c864fef8f6b0c04da64a14319ac8f01a5f8a69

      SHA256

      65edb8389dfcf7809eee7f4abb3b2bfa5ec957354b35b9c61a346501c007253c

      SHA512

      ed487f6b01eead814a6b2b7e2033c8c79b246932a51d721338c759f2a8f3be9acea02741faf583e648a841252961ecd44ff11c388306c7b0fae94207cccec4c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2f19d9a1c0d79451c5d1309e51165aa7

      SHA1

      3dc0cabdbbc2782de1f76638d30edbb37f796d7c

      SHA256

      bfb4605c5c2ca09ba8ce06fca4d84a7c45198690815552c6b3241dda973b5cda

      SHA512

      88ed0c630cc19d202e344efd7c777875f5f09aac7d489095cc224cba63261251bf09b5b367248899552935538eb8651d5546ec3811eb5494c04d208e1f8a7e37

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b72960021feddfc8e46cf2eabe9dca50

      SHA1

      82e3307faf99b44896781270462edbf4017ee07e

      SHA256

      4e7dc73a879c9f1cd322f887e370fadb73a662bd6f7a5b86f354d90405c094c2

      SHA512

      cb45e12d3b806c183eccd1f714b9fd39d32602d71b3ad09f9393ac10a9c4ad35239100cd56555764de1a3f67dbd40c39e377ccf1df10635875b69c752685672e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c8937c55954b1d0b7a8b85d3db6dcba

      SHA1

      edcc1bb953a35f46c03ea5b037e864671b7d1eb6

      SHA256

      cd6fbbb3ed3cc7c4bd1cce358bb1508c621f7541233daaf51a192c3f6e0014f8

      SHA512

      52d8de3d426a516a2327c56ee1ede3379c4d5880deee38cadffb3cf1d9f3092e33fd7d5c51e7bf9931b7e597361b21b11050fb497322d04672489cfd912fc1b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f3910892e6977f0909cce5c2bea957aa

      SHA1

      ebca5733c3d2d00253ef8c28ef0c8c1ba65a4b2b

      SHA256

      be51d9cf24d3b7739ac72bdd76e82b9aff8feb8cded03056f99ee4d5d99b479e

      SHA512

      589699891abdbdedc0ce11251a1ae4dc492b8be0c2d4477f1a7749e0f08f04dba19380c98dc944c61480a38218696dcd53848dffc21c2a64f8c8c9c00ffcfc50

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7de44fa88fe183fe1fa4bc7f7727bc4e

      SHA1

      eec0db88749c66a96d52267923949723eba147e0

      SHA256

      22a85642164e30a587251d23011dc2f771eda0d8f6ce3016bb75ec3ae07230f0

      SHA512

      e03b4abb40b4fa15eb0453e4209805200d6203115440641dd1b90a20b5e9f2723565abaa4386ee18759b76c9c75f26738353dda31e4878bc798680d7aa21aa13

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a873c8a33539d8096cf9d8674e61144f

      SHA1

      4d520077ab850f08b856a7008705ad8348e86c6a

      SHA256

      b879e36fc7b976719f015ea7828d265f2a31f6aea50f07b07b5abb6186155bfc

      SHA512

      1472b2c22e0401efeb863592acb128055d51774ad602379267e82f1a611ef4c920c824b769c7db03ae9422705324f0ff008c0748dcb6352b9595937cde861de5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      629b5acbda150affe7121f0ee0bffa56

      SHA1

      621458a1aa3642d34dd977b68508412b64c5ce74

      SHA256

      806f6ae0b6f1bd43fb8f7b87d7d765ee7db886fbff2e14518dc88fa578ce0657

      SHA512

      5064edb158b552934b5d207a66cd20ad46373991f6f3f6e06d7fae0a183815b3f190f0482c8489aa74a26e1952b3a0634fb8db65ddd5ad8f737eec08ff937e4b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      92c461dd430b009c7939740007e6fb7b

      SHA1

      4962b0b41f1b74d0dd4dec254b37fc0f4e1bac71

      SHA256

      2ce64218cfc6ca4556de4caf42bf17ce6b36ea10a337b2ae88eb2b5ace803346

      SHA512

      e9dcb4e6ee69450c55bffe3b953b53dc50952b312507ed187fd7ffd051d686d37e180c21782f4687b70e94beea0caf2aa79eac111e44d2fa2d60e5b51914506d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab92DF.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar938E.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/2152-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2152-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2152-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2164-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2164-451-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2164-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2164-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2164-448-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download