Overview

overview

10

Static

static

5

f8d889c1cd...18.exe

windows7-x64

10

f8d889c1cd...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f8d889c1cdae594d5fa2840abba2ccc5_JaffaCakes118.exe

  • Size

    106KB

  • MD5

    f8d889c1cdae594d5fa2840abba2ccc5

  • SHA1

    8f7c88d17e59b2fd1d3ca24d669e4397dcd2e229

  • SHA256

    5d05fe2c4ebcd896e65686e189eea77db1f3bb8f34321b6050fce7c5c5edc4f3

  • SHA512

    0e382ab4231e4a68537a7053a10e2be291ca49e65fa4ae0c63bee87deea1083fef8d52339e01dd843ff8d593287903a105903299f87300089b63724dcbca765d

  • SSDEEP

    1536:2OC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBv:2wV4OgSzBmh04eZFkz3Rr0gwGj9Tf8s

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8d889c1cdae594d5fa2840abba2ccc5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f8d889c1cdae594d5fa2840abba2ccc5_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:340993 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2680
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92aa5674b6cfc90b9c489a2b336d1034

    SHA1

    491e3832adb9a20fbfa0923b852e5d8236d4f488

    SHA256

    b4dea9094d61d0fa4a4a63df7caa1343ed67e367642196e14790e01c54570944

    SHA512

    1905515acc186265d33f1380db4fbe4f3af5948593d9cd45b7c5cc82e42e4878987050b424f5775d9adc7d0cf8cb324bd377e5311eb90112251fce7d1f25f1ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48391f276206f02d9124a255d788a758

    SHA1

    cb18a3f576d9584b93f7b31d7c3a1ae4b72813bc

    SHA256

    85c2e78cfe7f03730a04dfb6cc23bd254f78d8ff7fa67e175dd33a4ec1129cb1

    SHA512

    71619149fa355f8d19cdebb1e1922a2c37d90c6a0e5ea78f26e15003741f8ec5a2ddcfd2e1cc43d59362ec44b137a067200b94b1b9ed387da751bb5ad8422cb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3acb26267d3e686d67fade378899d72f

    SHA1

    4aea737c3f0871d26feeb4f3f0ed2b2261ba9c24

    SHA256

    769aecfa69e5c4491f9b2055d9d21d6dd107d3b0b1a0732eb4f6757a1e5c3b0c

    SHA512

    bb6cf66f47265bcbddd9a44a43a37fe1ce55690ed1714b3a44a55ebd734552d8dfb04c757954a760d4f55b6fb04e7fb7e382b5c89d46517e022864232afd1ed3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10363ae9db94181494ac7865ddf01307

    SHA1

    26ee94fa8f2bbdf3f4546209a9f08b2eb48ff0a5

    SHA256

    20c9e9d3d06e550109476961c583f9b7cb877c87e7a58aec870438ea2f519812

    SHA512

    d2ec97728948d2a08fababcc84a0885b8e85d577d64af0a18dc2958f70f18362f681e3f675d71f2fa1a1ac4999e0962d2c38fd2701633ba49d708748d239999d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd1fccaa34888f10d17dd2886dfe0abe

    SHA1

    21da8ca08ab56c92f34bbbf92d0b845c14a4539d

    SHA256

    7c11c79d7fc0da868fc180b79e3994d30ccee37c53651ee52199ab4bf81df68c

    SHA512

    9cebca9dfec1d38956fde6c35fc825d143dc6e0bc3c91c88c91631ca1e5edc9d5a5ff690d923e2e24336c7b8de156dbf40a8ba4ae2f6af6bc54a5a7e6591dc63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ca7091a19dd6dd69a572fe79a679579

    SHA1

    60d12af4c32383fd47e39c2444180a06c3609765

    SHA256

    0b355dcd447cf6dfe77617f337b5877b455ab9a2d3df590ef460673c97eb5d0b

    SHA512

    8e4fa8be6e6a65dff46c687c187735fd8d4fc7f76acd6d38b1da7a411c91f87ab66525eb72653390c4c51461af4a3ee257386fd6b009ccc8228eb8077e1eeb52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77ae20b8e277822039ed49ecf215d105

    SHA1

    d5a42ce35ece6a8f2a6132ca36ebeb095d6b2230

    SHA256

    f1f1021886283df493e6584cbb3bb1701e26fcb7668776279ca753985016bdbb

    SHA512

    00acb2b7a059c93390726318fb04791d9dda5e0bbd4c01651784538c1b920c3e0c015d876ca34d9668966c9be7e769945d759058f7079d5c6f39cfc5cae58655

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BD25CD51-BBA2-11EF-8778-C60424AAF5E1}.dat
    Filesize

    5KB

    MD5

    5c2162b3480bfd4b287e719becf837ad

    SHA1

    845fd7b8621b1041e4c9f927bdca2f4c8735e22c

    SHA256

    b753ecb475f04618e4deebc448707b547d7e349afa10cc65478d789a353f55b0

    SHA512

    ea1a25e0c387b4353f2f5958850f38d6cdb4154a662556bc11c350e371f41bab8c3bd00a59c8a1caa1d2f1d5334e24b4bb2be911bfddd341ce836ee5f9b01249

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2D2B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2D8C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2700-1-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2700-7-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2700-5-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2700-4-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-2-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2700-3-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2700-0-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download