Overview

overview

10

Static

static

5

fb7594fca4...18.exe

windows7-x64

10

fb7594fca4...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 12:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb7594fca40ba7a7b4c7e2b29cb2f044_JaffaCakes118.exe

  • Size

    105KB

  • MD5

    fb7594fca40ba7a7b4c7e2b29cb2f044

  • SHA1

    22cbcda02b66def12baa772b63e55c22aa404006

  • SHA256

    f0139bc22b55261f58f0846191c4dd100b3a5ada05091457b7e219ae53c14f1c

  • SHA512

    f3a158db3d106b5f6817fd9b06cb30f07ca68ed2aba2e5dddd02f2767a9b4d775dc6a9268a6574cf9b2b8492674308852ba5bd688036d2a79da15e3c7be72289

  • SSDEEP

    1536:5OC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5frleGhd9TfBi:5wV4OgSzBmh04eZFkz3Rr0gwGj9Tf8

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb7594fca40ba7a7b4c7e2b29cb2f044_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fb7594fca40ba7a7b4c7e2b29cb2f044_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2424
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1936
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74dbd78ad44b9fcb255d274363c2b2a6

    SHA1

    a1c2d2b2592b96dd297ff7a2778e353a9cdbeed3

    SHA256

    98ac1c2f3bc01d3444746ca8ea0cebda851fc78b4bdaa69154f2d6cf2bef164d

    SHA512

    b7e9fdf5bda48856fa9af006dd31905ce4f0dad73e4fa5b19c78314df175a5343149ae3163f5cb5fc0b5b9dd92455b88dfce2a657065fe8ca3c1fc7c2a4baf98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7d324dafcf2551f8a1c5aeb8378f6e4

    SHA1

    23c17277b7fddc4e15c54af82a5dfe5ed6a97355

    SHA256

    83b5455ea78d0466762d6882444b93aab399b79325eff1297f63ef9fbed8aa55

    SHA512

    b16ffee478c87dd44f61fa6c71482d9d85717f5418c66c12460bf1fcbe52a5fde2167a38fdae7f6c4a2d4913212d9500961c5483e2664e5ec252a3e5047421fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    544915b737e37c978797a7f4e90bbf57

    SHA1

    ec588c4cc2359149fe3825fec9ebdb5251e33b9f

    SHA256

    a1d05ab3077cb147744e8ad98d3f4687c3b9d4ace07285e3f9cea1b4d1865bb5

    SHA512

    166c4898f84bfa8151a1d761767f261320df12e1a41409583d317856aede21c46219a37565e13e63e062c54ae3667bba54b6907bfa5a821eec2c7f36b1771357

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8741a83ff30fa38e07138a02119962c2

    SHA1

    d9d7b4c4e862b047a80ef7dcf18ec76e463ef010

    SHA256

    6f5ed27a3c096bb43a7a1cead220e3d1491016bd5fe827b6534f6a049d017172

    SHA512

    dbab36f01ed89f497c6ba3872e79c73eb6839521c5bff91f65902dc3407d58fea8b6d13a26b77bb7e8836e9452cafb0d462e8a29ccfa017531da9c0d49bfb49a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2164f7e4ffa23b85354ab22611d19b52

    SHA1

    4566efa99d1d2d0e0471f58d5d23da159debadd3

    SHA256

    b271298d5e9573864cabc0eade8cc79e43d51c78081c1ac726987e9dc3a2c62f

    SHA512

    97bbd13de2d7e217bcf2dedee1258b8ad4f03779ea161378e39c924ce1491bb194416f84c10bf64f20d715d1bb26f52a20e2ef10983da135badfe5d443de5b32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fb878e8dbbadd0284923d88df0ded36

    SHA1

    818750ead2abc303a155683580415f1909feb69f

    SHA256

    0dea1aada7a4fb0e8a040b52b171d813163d31a316c2c864c978bd2f05f74b5d

    SHA512

    4052c071e8e6e5974053304a8f6e2465c9b488adb1f8686b212f2b0459ef7710243d6e33c33619df02f6ce798e27b9ee643c0557c8123dd7ffc438d048484d16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d304fca39ebe968818496a9540dec690

    SHA1

    6e40ae9f5ad82bd88b7338c3e89c09d301513a84

    SHA256

    76f137824b4a3bdc6328731a30da1862dfe55a52a59cdf17ae89dabdd3b4a6a9

    SHA512

    4d49308dae47923f52678baac2742b0aa746c4654d11ecf8b29d5faac895d059cb833383b668a952b51dfea3fdac5e887592ab4a803ddbba33eff8031378d0d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a33b15fdbc11a420c03bb1a326814fde

    SHA1

    6c66db6a5d6206c2960c4d133f3428c04442e61a

    SHA256

    5bc37dfb9fd2290a1231d7b1cb79ca6da58a3923ee34a211b32bad9e27a1e02e

    SHA512

    d0692901a611a490c75486d1a672ddf86efe96a36dbb2130cfc6f7e7b1b3cbd83b1dbb68a35e3528e4aa8f8fdec806d60af6f80d14a07225611db3a4cc973609

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64eb20d8439221c6c463d58b4bbefcad

    SHA1

    6fd172cc496bb2568f1736fcfa967a88be46e690

    SHA256

    7d84acb3f4af809d120f3a3780bb42c0cfc9b6a42b5ad5f3ad204db5132172ee

    SHA512

    50285ccfa6974ec2df41e4369ff360457389ccf6dea303a931cd6b019b9efa5bd8c5b466087d881bf2f41aafd24b3446af11107783de56a9d2c11efe74f41d4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e8134bdae5e91a082d52ddff167977a

    SHA1

    221338cc7582350d886cc8038e6c946ad431590a

    SHA256

    f1b965c6da2da0cabba10a21673271b03b0d34145af146fabac148de0b294528

    SHA512

    c804578672b85f3db9daae034c77259a4e18ae88d70e57d30b1cb2f2064d4cab5df11def9e9f912357fc7dfc505512ed473be4ef83f7a6c08c1bf37a858545a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7dfc33814f7fbb93177d1c098774077e

    SHA1

    18c2bd3f77c314eea48eb6cda230798c34d9bc8d

    SHA256

    5daf81ce26ca695754643a4eadd78e2ebbb38882b6ed956df70bbc7e1bb7560e

    SHA512

    0e7c4ca2ed148c0f69274d47604d46906a68671ae1cf91de4b74b2eee93e26fdd97b3f1b7d5539d99ce1ef1bae9d47611036a7e0c5126d5f892f79033463b738

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fca5665d7ccc5dfa15b2bcc95685dae6

    SHA1

    66ba10273062fc98ab2e558f5dc3097782a4f8cb

    SHA256

    d994f4673863217c647e4ee5e2d0921a84b06cf65cfbac669ba83a3cd4392f35

    SHA512

    7c9c0bf664cdb97bfa3396536384ee427cbac68b0408f9add07a14bad2e4b697665342c15eead0912d99d0b58b51832786df5481f44a265cb4e5212f6a6dbf51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b261dabffddeec0590bb6dc27c00e993

    SHA1

    378599cf3db675fe24b1f5337dbcb4ceda7844d7

    SHA256

    1e92736a9a749f4f0860a7493f647855bc3140b8ee283a345ea2f10221870651

    SHA512

    8fb9bbee852b644a2a64cc9af82827012d89b3908a9e2297ae1a484b56f01ae3db368826c0390428b367fabafb60aa1aab9ffd33cb699c258ede2d76a7a82b52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bafd857ef2d1eab9afe740be74c8f9ef

    SHA1

    e615a64b33924176e56a1cc3b4ce9f200031c0dc

    SHA256

    0aa6c73405b0538a49283944943777409fe56a9058c76d83844f74365d623b3a

    SHA512

    69f1a5126b7760acf9d5dad536d4a41008cefb09443d5b9998e491e8c89e5c4273d7cf766d03e5a514d2f20be62825517b16e60b16de0ebaac0571c6ea214f8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6440505ebb33bd146f5298f95d35fbdc

    SHA1

    e7216abd13928a6f8b594ffdb77d8fe946cf54b1

    SHA256

    498a13869d94767b61c7221d9b1978237779b804c81baa46c39be9cc08acab10

    SHA512

    648550412af368a73c7d256c22a20c48185c3e399a55308e2c95e3103b279b0770b6e9a4d7669b9b30d6f2fb8de431d1aa2a2cd8eeb304123d9085e93327e6e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9054f7e48d9511574d2ad30f0a83703

    SHA1

    4d17d7bf4239c773c255966c011cfc1cefb7f193

    SHA256

    d075cfc253587146a1129d0cc6eab5a3be6135c877d10dc5b24e7023769b1f3d

    SHA512

    85012ccb8289631c94b2089a8ccfc183286c2b111a419a5798f6155c681604533ee74f1ecc7885c7d5fba7dab85b3f002ff2b53208c97c4760711885f573147b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8975829c8cba5167e06db5da5746a2f3

    SHA1

    345147fe97d72f2ec7cc768c147eea4998daa727

    SHA256

    be41c8d00feab154bd38df2d14e3c00b371895b516e517fc5b36660420d69098

    SHA512

    41f23773fbc1db1d8dc961e1b32871afef89908e88e7f77e0334eb6ede0a585b44403b970633e1f5825efa3f7869b91b3e9b202731473d3803d491cb810b5158

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    792a642fbc978b17745383273214c6c6

    SHA1

    e5b5bc08460c7fba9abdf8d87dd50f2ffb2d04d9

    SHA256

    82505b0da9b9af1a0d1e1798f79503bb7baad985217333fc3aa3e385e119fe1a

    SHA512

    c87a544ae26b4a38b0ce292566e916ca7f9c794a032d8d1e06f09e8ed0f2688c5057c2c43ef80f8b8c0d4ea54c59c7568f0afa2ae17ec6f0dfbb147eae1898bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9a1c7b829650886c378142611b17e77

    SHA1

    60899237f758a9a46baa6b6713b085cd7e02882c

    SHA256

    ee57e9ad479128fcae55d27c638216cb5307130f3682ee64f6eefa165f1c2de2

    SHA512

    53b641c38af5b0baafa6f3d70f1b10c52de13d948481b17b98ce7079305595de22ee306d8ceb0c8762cf234ed13edee3631f859c36e79027fd19e1c56874a04c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e2e37205f54407b7665852a1973520d

    SHA1

    9782b783e6923925135a96678c36ef0932bbaad5

    SHA256

    2025de3a36afc3b638121cdf4c5a3f8eda8ab1a3247308c8ae8d5845a44c2684

    SHA512

    af0842aebe55ded1c1e3c73f3fa6f5381980965e3efa8f7d2cb69ce09841e748d34731e2b2068e03c5c2aa0bb905e9d436e00ed86e36d0e6ce1dfe95e34664df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1460bd806671ee9fc9438bc0eebe59de

    SHA1

    9f39f1e92322bc8178e6c9ee99ce76763b014d03

    SHA256

    6d7c89fa8b0e07e09308bf08b504623b29966e9c15896d84d314bb2237afef38

    SHA512

    032289db8d1d0049ffe94d1f5a96a6c1a9a51de2921a50ce386464b1dfe8f8092166b9d2971a9659fc90c6447db1fb6d6aa6ac649f402ff618ef29d37344f3f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fdc6fd3fdb7cbbae4542e6cb772b04f

    SHA1

    a6d485a3b3de7984cd87f1f821537f92a0dc170c

    SHA256

    518a6bc349fc0d10a046cab6ffec48ec8f32f56a6db72d508ee55b32c83d84cc

    SHA512

    40c3ff6bc2a6da1eb46b7943f5d9a3b178d5c50f45ecffc691af7a7ab3f2d5cda395fec72195965162b514b9f37489f06d9bcd511685adcbfdb25cfe7fe74307

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F3DFAD21-BD37-11EF-B462-D60C98DC526F}.dat
    Filesize

    5KB

    MD5

    87b1a098a66eba0262e3ddfdc2d42576

    SHA1

    9d2f657b8ac00aefec760d539d7dd7eacc91f991

    SHA256

    372d07046e040e8ca15c77bcf0d50192da4a7022a3f2af491faed70e80524b73

    SHA512

    bcf802b2b4701a0e78a64c1461be7d55e70f3473d79483d0b39080ede3deb7359f44c379d954773bcc63c52509c558f5f1b04e45d070babe8c42b50881192a1d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F3E20E81-BD37-11EF-B462-D60C98DC526F}.dat
    Filesize

    4KB

    MD5

    eb7b2c5d4fe8edef21bd45d286effe88

    SHA1

    1efa4bbfda36d86dc201da2787ff74851c36986a

    SHA256

    861645c285ab712466773b01ad20b10a0b0528396318241139a69c9f47c11b4b

    SHA512

    0fe13c7feb15a8436d73dae5b31d364af70ea35bbe9576166b02631ca5ca1fdc50312fc184302edcb6842322c05d992a07318ec35ee984b723b87fb94f108e27

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEB7A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEBEB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1956-0-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1956-2-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1956-1-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1956-3-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1956-4-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1956-5-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1956-8-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download