Overview

overview

10

Static

static

1

f73489ed29...8.html

windows7-x64

10

f73489ed29...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 04:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f73489ed29500a63f1932153ec2c43c9_JaffaCakes118.html

  • Size

    157KB

  • MD5

    f73489ed29500a63f1932153ec2c43c9

  • SHA1

    7a6dc03aa723dca443c6463d53775d7fc62d835c

  • SHA256

    7b40aa8f215fc1050d1fd110bbccedbd23d59e6963916f56a5874196cf8b0c11

  • SHA512

    3ead46c7c0514e1c6ddd9459443834f0bd9d863839853cad2e060450a53627b546903252f2b06305ff39115eb74b9315fd241b97b26e61207b7b85602789641f

  • SSDEEP

    3072:iPanVaycdzeqyfkMY+BES09JXAnyrZalI+YQ:iM8BzePsMYod+X3oI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f73489ed29500a63f1932153ec2c43c9_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1420
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:568
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:288
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2320
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275468 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2440

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5053c5439c753b9d0c2a1c0719085aee

      SHA1

      63313c57a0b2ed814fba6b2a195cb65e7fff7194

      SHA256

      de253e733a70d917dd2ed2e0d88cefa9b645b2d77e5a84cf31d505cde02cf5d3

      SHA512

      be6059b7901e42a7d8b31eadbd2f478de1f99165bc06329839095fc137698ff73c0fa9e2782ee8b77c773fb82a352075a5a25ae5a80fb0aeeb346b70d06bb197

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      485a5eb6b971b7967c5af692a4e0dfa3

      SHA1

      7296d583e2279c598c2f729b314c9914c44a780d

      SHA256

      0211dc4aaed7f994ea550742873dffaa6c39d0744a984d88de117596558e77c0

      SHA512

      f8337b7354121b1eeaeeed9feecd861bf83ed49b8afb42d97373f59719e878c026b19ca241aed3298316694dc500ca6f37d61d4bdd6493ed1bedf5902dde7928

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      59d897a940d77e8f605ab8d73cc0b848

      SHA1

      72882810148407c48dabdde9399651a901e92e42

      SHA256

      0435600e7effed286a22eee269f72afdf31d909d35693ec58626706cb3d2f91b

      SHA512

      70f09b64be1c47073ee7b30bfac6d1394eefecb8b74b569c1bd3b5394986e64d9630d2ffdd4ecd2cfd0c94e6b08b6dfe6ae325fa51f9eef54157a02e34f44360

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d9880524cf3a8764113850e74a618ec6

      SHA1

      069dabf8bb2f76b2c54f2f1792fc01d263150a1c

      SHA256

      af54462f70f51dbde2ddd6157c20b60751d8280cc5b7f9c7db0f34d6bd749e29

      SHA512

      493da04f025f8fb755cbda9d2cc0342ae292307cd8644a1f9bc6b784023b7435c0a4745b941e293894bc46ab457eafb6533a598ac012aa3926d170d10f22a0cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c3136831ade20d57952a65111f6a9f13

      SHA1

      dde0783fa7f906d18bf1c7544a18a5b86242b0a2

      SHA256

      9e7014b47bc46fb99483409936c10fa260ad4e3b2ff369fd40aa56577c6ab6fb

      SHA512

      5566b00538906f424cfd5f91cfc7e646c6bea198f0fb3fc3c424d560435050ea979a0ccc543b5809e33204bd944ecf0f171db0dc5803329879cad64061f36673

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      48de3e42829ddac991ab4e24b1a866e0

      SHA1

      16c38b2f78f2a84cb6c9ebb6c48d34756ad00b0c

      SHA256

      edbf6d0c4b495f485e27b0ff9cf77941f74281dd6528f2c0c5b1fc6fdcdcf937

      SHA512

      ed16113b6e7bc1fc42600271903fa021be2f7942e4b049969d43e6e574814c8a8d40989bb5bab88c73878c3fe7eafe9a946ca8fa673945735728270bbe29d7f9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac790ba04ed917b2fae17acda7eef32a

      SHA1

      e8a8fde5f6f8772c85841f34fc8d7921ff253d70

      SHA256

      4ccdd50d2bd5dbc1bf56773570be5ebcb99317885dc3acb552d1d1c02de5abaf

      SHA512

      b964f220b3bb2f19428404e6ddda676a02cfc0e27a9078aa4d49ca8264994d9c0837bc7a0e8db7678dfbc236720172d2ee7c928861818a0388188e47dfbaf484

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3a992793837f74781fd08b24276b4193

      SHA1

      932aa30c8c0731277930266abfaa265d6d658b13

      SHA256

      991617daa83d7ae99a3ff62457062e08baaab8114870a95553540051032aba7d

      SHA512

      8d882bfe90f0b70773ecac9d46147be741ed081ddda20a3948400259f35d28c5c204344453308a896766c68e62f0ec3f7cb2f9b34c366b310438c85b76102606

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      684cc280e354634366ad2799af29e8ce

      SHA1

      0efbd75b809161747d2a14acb37c3f78d0aaf9c7

      SHA256

      e52cc907cbd8be7c33005ad54b3e6732d46a09dc905beb8775170c47c8b8e47e

      SHA512

      e62146372efea4fcb74cbb2b8d354e945ee2e7391f1db7ce87b3a684b1cb0084f06c71904eb3921cbbea2da4ce8ac14bdc6f97548272f12e7ed3bc1da71f4610

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBA1B.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarBADC.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/288-443-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/288-445-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/288-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/568-436-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/568-441-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download