Overview

overview

10

Static

static

1

fd044c9fa7...8.html

windows7-x64

10

fd044c9fa7...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18-12-2024 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd044c9fa719894a1d59aa940701d771_JaffaCakes118.html

  • Size

    158KB

  • MD5

    fd044c9fa719894a1d59aa940701d771

  • SHA1

    cf8d349a10b1cc438783d8b27a1c0226d9ddec41

  • SHA256

    32fc011e696e76f078532e9cd9f278a61d508dd3476a0f70f6c566c846afc5b4

  • SHA512

    c24a689354b71eb01112502813b6304aa6c978f9a4106f1e8c2129e962e9bfbf5cbb6789bef75196f7a83b89a0a148b62095ee84211cb9f3e9facc644d1258d9

  • SSDEEP

    1536:ipRTednL24hovQ6yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:iPuhovQ6yfkMY+BES09JXAnyrZalI+YQ

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fd044c9fa719894a1d59aa940701d771_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2312
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1960
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:472074 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1196

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d20fb73267a559895eefac65d5052ff2

      SHA1

      05215933ddce3d1b5639c33e8855219a64762456

      SHA256

      8d6d2d80d228c1cbe0fa77fee574da82ad5dd44de577b8e099e61a4fa810add5

      SHA512

      1b67c0ff529fdf206b7f9168a3b6881150fcb2fd86a4c46c3c74ea19c3cdb01a60aca38720dda1987ba7132149b50a4cd036f5c9c444c4ebe8abd3b3d54ff525

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b29808ed3fb1bfe36eb82e4228e5018c

      SHA1

      6aa697df3ed05ec72b0128aaf718bba7a9267026

      SHA256

      1c6c7ae15a187f8fb1cf75f611684371dccdd7b85d6d44ea451865e3ed378be0

      SHA512

      773a9616375019c978cd53856909eeae660a880c2311f9721008faa6ca7634f5b165e71211ac30b79172153a25c007537d2c927c1900933913e72e028a6e7573

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f0bef78ffb9d7e2000cf8449b12085bd

      SHA1

      c837bb63ea8ce514f5d8c216366d6910d3d32ede

      SHA256

      f36d2a36970979ea73911d80486e547cb8742edea01beaf7c8a339b6eb299a88

      SHA512

      60d6991750b7b3a5443f59504f6576a140e92e9a2322ab2df87de1f6f3ff70b21db076d6485c9080c2535d7550982b0b5fddf92fa7dc76b32439408267dbe4b5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6bcd1b4aa3dfe5010515e520046a62b8

      SHA1

      eb4a6af91f2ba62f5af35a3530bd9ea95ce1fbed

      SHA256

      98beb54f2ae6072832cb7461a95a66f5c245b19e2e704e2d6ffae1afe2f5f2d2

      SHA512

      d820f32687974566b21f77b9f9dc24781df58c67cd8ae0d02148bb8a6ce65eee8b8e939050560b927589860edaaf5453a1f05b0a69b3d38b2a4aba82ac1747bb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      af24cc0ad0bfa33af51a97d70d7c9c53

      SHA1

      04b2ba77f7da06c49456e03a12eac61bfbbd0d8a

      SHA256

      7381665d459db64e7e1af868006452ef194128f1446a508073b30f2fbb81a432

      SHA512

      8b9090cbf7d54bba37cbc92327e21905c17468d0a64cf64738e41831b9a727fb9c74eaac62d69a35a9d37ac00a8e8ae9e62a3d82d1bcb5433add900c7faa3a13

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7e869fcdaf88664043516df38b7e1c46

      SHA1

      656ecc77cdebbaf01a56f6abce2aaa0f06ee5523

      SHA256

      40a14e3cb268282640a77d22bc5071c5d21eba622fc4415f2d5ef28462b58350

      SHA512

      bd492a0c1a7befc0a5af1eec2cc50e59e0ff2d2b0c98422f81a0ff4bcc754320c236cc589986411dcb8783e2df2e373deac3023340a90a2c3076107084c0b915

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c61c005e226552e05b14abafe3b1fc82

      SHA1

      941d299ddd541c9ccbbecd88b27ee82403d48556

      SHA256

      055f63712ba88cf2fedae1b7f09fd6c8472d487e900f0eae5f1670f2cf1866ee

      SHA512

      15ea95e8ddb8a4e664641bc06e43f36e7ec8871d3113b2caf6a3335eeffeed363bb0ecd5d2386f3a3ec47aa85cb8e664284028e4f744207f1658ea704004f3c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d3e11ad9fc31e3765db737bc29ab1ffa

      SHA1

      08cc5295f7c1b58001934bed1d341b991ad9d684

      SHA256

      3b0615de545f9c230c200e21e91e6b2b981f3f0094d9d9309b2c3687ad4254c8

      SHA512

      a985999013e9f1086eae7f176fed85a754b09214076ad57bd7aba4db9955ba300a3495978e020ae94d66d83d505c397b39123a10d81261255cfe8095b637bf6d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      247ab313860fa594aa0f697291a80e9a

      SHA1

      d75c4d8709eba90f2dea1e9349e3d595ef42a3e9

      SHA256

      a83982fa2f0766ae28a1610551f5db713a513854b5f6b68893dd38582ed63199

      SHA512

      06594b07a6c1810eada39b6a0251fc89a0e04b0c2cca2c591d960842b7d2b79c7c81073afb02d3acbbc218e4cf81f0fdf167d16e28ae6b381356620645e5dc16

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      97fa52ba6512fe04d71539da6707f6bc

      SHA1

      a58d00394efcc872a04577e9d4b34ecaeacec67f

      SHA256

      471a751194ff1766aa6d56c836b63a8e1cd104b712dde118d885c12e4917a263

      SHA512

      0d114d2223fcd6fddbcc74746924ab7f09f660bce353a152b07771e0b7eca0628fab505959e9e8cd9ec394445ea4c06a12825d3f4b7f10209a957f1be9a0fc62

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      17ac5011c61bbad86dfeac78f294b2d4

      SHA1

      b3a9737eca54a81ca58b5f0ba94bf6dddf31885e

      SHA256

      700c4ad16c11684e0d90d4cfc4612ee57a887fa12f26646d6a2a47626e11b4a7

      SHA512

      b4cc2e4251c2f08482636cc5c2dd966362e5fd157b44581065a764bee71ec1f55a12f594e66d4963bbb975e91ac2f9023e3610f31d9527c2c3337563c943cc42

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9A5C.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar9B1C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • memory/1960-446-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2312-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2312-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2312-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2312-442-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

      Download