Overview

overview

10

Static

static

1

f55a170ca0...8.html

windows7-x64

10

f55a170ca0...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2024 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f55a170ca0b774c3210db6a1c9466577_JaffaCakes118.html

  • Size

    160KB

  • MD5

    f55a170ca0b774c3210db6a1c9466577

  • SHA1

    6c1edc92613cd7ec955f45a2aed2d365e07ce37d

  • SHA256

    c99643b3d59ff1148b3235028ebd5e42f7826ed4db285836fb3eefc0a5348875

  • SHA512

    6adce1515ada4d8930e2e7ed58bdb7bf07de52970c0218a0c9db8f278698bcdc25c98533121c47a03a0ede4c65bc62a26caaf3368cf8723c86400025cb2f92ad

  • SSDEEP

    1536:ifRTqTCytdsr5a09PkdcyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wee:ix75t92cyfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f55a170ca0b774c3210db6a1c9466577_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1556
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2972
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:472083 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2088

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3405038bcdd520a96f7448b3fdb999b2

      SHA1

      82b379359ccb9e8b668f1e7c79f0bf0c3e417e1f

      SHA256

      c6f86e0b443344eaa44ed2a17c1c78a1d5c6650f79536dc68333c322a3dfdb8f

      SHA512

      2bd9aa5bc1cbac52d05818b3dab7e2aba28d3afe8b1c8aeade3fee0a1a3f3e3d0b6007121185af7370bd3b7bb65672593d004de107c7e7cd033c36a48bd7be41

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8f38a65aa15581a2adfbef707d4626df

      SHA1

      8296e2ccefd390dc8b74f46bc13a2b6a4a7e883e

      SHA256

      0aaa33c59b6b32dca1e5c3755633e91fb35404c0476ba1d8fb27cf7ee6c1520b

      SHA512

      05e74b7bfd689748a58fe902e1112a2fdef37740db52ef50ccd10d729e1e170ea2c6dc870dca588bc669becb05def8fe5479149aec041f61f8063a45eb65802c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      13d3bba8bbdb894670665a33d72438da

      SHA1

      176965c8aa5aa465c1253f5ec0882c971f3276eb

      SHA256

      76a6dc0cf6033dc171b386cf2af3185922354d1aa28084bb82d6f1802546238c

      SHA512

      042322be1b33295616b4c660112f65a3583e6d9503c45d4a723a9e071e4ddad40554bb0a2e06e6e8c7242e2abe197261f9af3f88ca6c2017b1d6776c8fc52d03

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1007913fbe3d02923d31f32b88518fe0

      SHA1

      f8dbe0969987e1ed64f1fea479d69851c2e32c44

      SHA256

      84124668369c53867e62e3a305acc29758ae25171da03c252f855f8253a83d4f

      SHA512

      311a06a80add05decd26b17ec8e479192e9f4cd4ca8ff37b9c710509ef70da6232ac812b43bfbf9d28f08fe8a79fa8818596b8e03f4d4219d220dd85841d11fb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      08d3dd9560691ff823c3917061a8cb7e

      SHA1

      4ec04a3f1e9573ffd356630cb41638d8e92b2e6e

      SHA256

      7c6397880f805ced8688dededa9fecd67c0683ec365751f09c9db9a84a25df30

      SHA512

      2c06f271637ac292ec21686558d631ce8bceb25ef6a2d97ed0757487b81b26eaf2cee6bdae22b2874ead806006692bcdb2da3a29f4a8a8a11991a3940774dd5e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      484f5320930afcafb492c8a3371064a2

      SHA1

      770f10215f2846f70035564f38f86ebe637c0f2a

      SHA256

      71a535f39ef6e411f5da10e6e0c581c9ba0e3dd8d8b107587491bb5b5b0af6eb

      SHA512

      ca4b59ad0c610eca9184dcc98ce0b1f649473ecdc1cbc76def12c2b19e7ac1b550072ac717776983a9f441c29ecd16ca9d4e1705edc00535b3c390977da9abf4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      065a05cee05d3109d8f310b6cf09d0ec

      SHA1

      5e8757c795d8ac7dfa1a8bf15bfe295abaf12335

      SHA256

      e0b8cb137d97dff2ed6e235b8fc7d3e63117aea6b63d9893459a2e74db467a08

      SHA512

      8fb181dd0719a53a7bd99333feff919d7aefd3f67ef1984b3560e728aa5f34ab5988d87473923d32c18d674b40057904cedd5ad55d56f3f845184d2feb44d008

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      43e040b72b07a69a653205bf9cd0f83d

      SHA1

      dfa335009daa5293e251bc618fb43b1216098d89

      SHA256

      ee7862d5749f6d02d52482c406de707d19b9089f1a7a4e181e1b66d7835f7b77

      SHA512

      b0dabc42ebe900f38770caff20a496e04cf9cfb99fd4e3657b9c68f470d9a42e5f011e2f0f5d9be62b96653ebcb0c1cd10b6db2bd2f86feeee737eca14df215a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e550f22e1f2195b0d0a30ac004801cf7

      SHA1

      cb393122d4914d14ae7a8c6ff2acbb975698ebe8

      SHA256

      9b86071cac4ca51235c2fa22a0bec3d2336aa1fb1bf136ae7e4804e8ab00b580

      SHA512

      808b40c2dacf326906875f19a96c3436c3124c33df11008bea0fb5f0314c75f39b559db1e6b4a38896925c9fc6e82653f99b103f105f155a982d5488d5fa2def

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fa9f4637d942efe84be58bac0eacf201

      SHA1

      88da1655f1944759dfce3d06b287e5109941b9c2

      SHA256

      623c8d67414011d9ebeacefd5db98f235cdeed4290c0964dcf48aacde2f0a96e

      SHA512

      8bce86bf3df5d5acc19aeebdb5c4f759d28a8aba1d7a0ba622a427373c835da83edef8de72c326492315329b8e31f0f4a0962b568efa10caa8f352801b36c074

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabAC77.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarAD83.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1556-438-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1556-436-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1556-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2972-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2972-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2972-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2972-444-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download