Analysis
-
max time kernel
121s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
21-12-2024 21:33
General
-
Target
RippleSpoofer.exe
-
Size
15.6MB
-
MD5
76ed914a265f60ff93751afe02cf35a4
-
SHA1
4f8ea583e5999faaec38be4c66ff4849fcf715c6
-
SHA256
51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b
-
SHA512
83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac
-
SSDEEP
393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5b7b8a891d052a7a552fc683c6c88f3f4
SHA1d9ec405b21b2975fb8296eae4023286f98623995
SHA2564bbecba23d26727db7171139d79a2998d2a09324fb199327cc9c82c16b2ab387
SHA51296f6bb6fefe8cf043493ad5162b7942b4c266f6efd97e5c3e0927ebc0e452c28a97ceefa57797e54c282c6156aaca65eac9bb1615f091377929da999a321264c
-
Filesize
342B
MD5fb112b5c75660a36670d435e2d8a1c90
SHA1002d6029bb16931a66957fe3b5ba04ceeab7e29d
SHA25661f3e011e319d3c9f7b8d7763e426ff58a77bc630173c5067c8f484ac0cc84c8
SHA512be90e99ce44face81fe33e67ac9b851527019992188fb89c12554b79e762f800a3329f0418d88d9c805dc70cbab8fae0926d73557d2f5c65cd3a628d4e3444b3
-
Filesize
342B
MD5a1dc2d726851f0250abd225fd01dc88a
SHA1a6c73f1c9fc32d88885bf26f784d8c08e2679881
SHA256839f2763a1bd2a6c08d0d19ed55d6d947c74455864f0d88138458cbc42325e0a
SHA51272aad53709669f7c17cd5d302655923b14134e1409ce0a9c6541a5654a8d4ff894f80d42dcceee00c45e22973a2f1a05de3116775773bf46f44af1c0b4735b7f
-
Filesize
342B
MD596b206e4713f45d5037c84b4c72e147d
SHA1b01abdf4c08f4837d2287fcc5d8c7185bea60373
SHA256afc53595254c0fc8315d47fdd7d14d501d321bd641f1560f2d9663a727c4ba93
SHA512ec6b4e57eeaad4030f4dde79f55b3da9c2c363f7868b340a89942fc94f3c3d6106a3b322c1531d0c83c7c988f15c3d5fc39a7a3a60c1aec8d8c4eade26dd7d60
-
Filesize
342B
MD586893c4bdc11479dec1f4091b6008c5f
SHA1214a24262645dbac173aebe8d3eb8b7b3a82eb93
SHA25629bc24a4b29071404f03821c8f37115d45b763578c45032da4f0f90d9835e249
SHA51245c5ec49be29e0b5a098445a3ae5c8b5d02e4d65bdb0fe334646c896f28823d1546848ea10b3448ac3aca315320ae7a27637842d50f96f1b87793dddc8714d33
-
Filesize
342B
MD51882fc21d23f8e1acffb4fd934342481
SHA1ed4b8ecba90516b7148393be619ff3cd4343fe3a
SHA256c4e007dc3dc724aeb3ab0b78a06780120a77e0af6926b7b03ad2ea6f4e9ae69d
SHA512ad9985ee501fd8cb9dd3f494508f35fffa4e17c0472ed069a7fe6de3ed6eaac66fd347730cf04745f363ae82e49d53e4f1b4feb12f080a8b470fd03beb1f2f16
-
Filesize
342B
MD588753b0001afcbab92340c6053e0f37e
SHA16cfd991cb4dc1780b917ba2d4574e72c011c06f0
SHA2564490ec0742239638a5cb965a021551b9984e275a8ad346bc00477329aa359637
SHA512dfd4ec600b256257e78a5941c96f4acfc7dacf1afab9232b2b123c2bbfacc1d0dea463b6f51d0bd2b91bb2daf38b41da7fa5fb52e6ee233e223f03d87d67aa86
-
Filesize
342B
MD554eb01db2835048085c639d4776ed452
SHA18b6f59f11b82ac829f923cc61b9a0db5c95c8ee3
SHA2566ed8c26568e4e74c92507e7185cfc9a885309a8e05ae541c58724c1f56463f89
SHA51236916cecdd8ae0446c5c5a29b29956c9218a1e8ab692a5f2f3f2bcb49ba3337fdff77ec291da20f921110425f0f0a57c4adb86be8d1272651b4e06800e02db3f
-
Filesize
342B
MD55d524837999cda84ec3928a30f960af2
SHA19a9f40a15902eb5e85d6c1a1e306fc58ae183c93
SHA256979c19e2fa83e01a07cabe1fe04c743dbbc47ad16a3eb100470472e337d7139c
SHA512015a3afdcf12a485cb45fcb85477f0244758f3a64ddee06cc001eccacb3133f02bcaef8e59aa1351f44488b9722c8aebec27e32116037fe417691a2fa03b93d1
-
Filesize
342B
MD5268b4dbe7c955821d5d2cd43da1827f3
SHA1029c095752024b916912727214b6f112aeb4f522
SHA256fb9fcf251029d48a23e588f2eb72851760d338834937c7c0778d3c5484bc424d
SHA51259bce9ee0ca854ea80310a49ff9ab4d8466a776190610674c1f328a7df4528084558ee8d72c7c3a3da947381507e1ffa3564d5906812afea24af0c66f5aaa20f
-
Filesize
342B
MD5020197f13366708756df32c7f4e2f2c4
SHA1a390c06a9db4ddf9aaba9a6f4af9a6c53f506666
SHA2563e133c237cc6b3a37cf619fc080a782afe912b7929b3cdf6a01e613492699efb
SHA5121b4830ce6b715df30dca397b35fe7c63e5ee07aaae54db220d93d04aa2ff8ae0c9623beb81b56e392d754d4d0537edb355af959dca0054fecc300c17450741d3
-
Filesize
342B
MD5ed32318339c2fde90252d39b2de0c877
SHA1efd2f01af48e284d4a631bf4d05004822c8f92f1
SHA2563d08206325e01674ae486d024afb3e5da54fd176542f1eb87471fb76fead73aa
SHA51251cceb0d19895a42ea0add796f41f445e8ed14de694570950a80dd356b55f6caf91c8241fa0ad4d0c9cdcfd6c4a3def38587b53340486b984bbb05904a28558a
-
Filesize
342B
MD53051442ba302283284c2db68dc22f507
SHA1200a4f519bb597eac59278ac52500d8a651657ad
SHA25638b080897eef20aa8135e06f8b77cff744c461345fbbaef35898be466689497c
SHA512863c35c65196d061b080e4c8eb2c73720d4a26771fce295863e131dea695f56ea80f9369f3a13d41307aaf905801438bc20a6f7d5f7af5729a727efe769d7ffe
-
Filesize
342B
MD5b493d4815185207bccaec5348184a778
SHA18f1edf0e146df7b8621ebbe5b0403aba97963108
SHA256ca0e7fcd11a18968b42a8a0335cadd3e2f7525963cf11240158f118697030653
SHA512716811ce6f89deb9524fdfc07155d035cb44f9bbcc1ed54cbe255e6108d4626671a9967b05613e6cf650e38a041e06f480a5cedf52f83402e49cdde544ccb30e
-
Filesize
342B
MD52a20c73e902cfcaf292b1446115c78cb
SHA1846cf2cecba5d3c163ec5684ed6cb6122e0b16a2
SHA256af2ade0ba7d94a267f3f4c165f2a2d096ddd72f37b4f7bd9440b35d53d9e1b5f
SHA512dce28e992671eb35b96cef4756d9707e273ba35a3a6b17b0db28117b0e9bd09216e2df1f5a57f1748e653d2bc360bf9b97d256d33c8f63d5ce1461597af3e2ac
-
Filesize
342B
MD5e196ebdd4e55d283bb856246d241dbf2
SHA171a905cc798ade1da6a09d7f99412966909c831b
SHA256cbec47745ece79c2581b54d9a84e4fdf8acd3cb5f0c107f26f80084d7fd95f91
SHA512a3a91c0f6b49fbfc69b3382643820ea544317137296fc1e0424d37e80438b272053b29b7208198f7c3b72977f5ada9356cf39689dd1b9aaad034671fb023bc70
-
Filesize
342B
MD5b7cff4162fbd2ce1fe0a7e392ea93cc6
SHA1269c22ccdf007c3564462a0765befeed9b16ddfe
SHA25614929d2747817b5d16b8509118748bfb146ea506410a5419326caeeb83893d6d
SHA512f8ad2873f500efe60bfe8dfd68d6d979877345ca6769baf9bc4678c4c5a659cb7aaac025801b1ce7aed4f3c3703923214204f569bcddcdd700f3731e1678f349
-
Filesize
342B
MD51c5364efd26b41f7a020ec7a06f487c4
SHA1860084cc2c7af2a5589bc3f7ecc24a12709bba31
SHA256ea7dd73b565012061104b4c04ec5d3c2130211829503c2329195436de3f9b117
SHA5123be130b03d5db4480abc78433dea264633c872807706e16ab3d0f24c53b954c82fba95a81f0a526c3be25c72a00781a3c390f97ff7dc95d8e6561b06e0f1ca93
-
Filesize
342B
MD5e2700deab4e486f61f5da31f220cc887
SHA108a9d4d6d104be5566327e635431544fa53ad9ac
SHA2568cb5f244d366eefd3a8349d16e01f3f33426d7ab1432de154a2b6f87be0de606
SHA512cb0ad5eba133456f0c5c47d965ca9573106dd8895207010a69d6eccec8d3e46785e21de49d3bfd29c79a6e22260070ae1928ab9899ee6bdcff6e30f436465a38
-
Filesize
342B
MD5cecbc111816596f70b05db9457c6a217
SHA1d399150ff18d85832c3113018b31f9e833a314f2
SHA256e158f745947e0cf8dad6e613b2b69692eb02b0d8fe3969853cefc1de314d1e47
SHA512eef168db7dcc85e3d2d0461ef9b1d3204caa604e36b24b6b302157539ae63dbb9fa6a632cb1dc5c9f77223b023f73c7306aab997f0eb80880d9965db9c9e0448
-
Filesize
342B
MD5aea7005c93ebef23b5d540fe80a553cd
SHA1d023261568cfd393713777fd848fdcaf31d261ff
SHA2568688114e795f0e50ae316f0c8756bb1f61b092a9476bf681e6d3f9d8c9a0d2d2
SHA512f3c05b0cc2cbfb602996444a1c851528b50c3867e64ad5fc91e402365b3068e1879eed4bb3740771e8e9bff92035f3a5b77e71534e86c34f28c1701f0245ac68
-
Filesize
342B
MD5a77d50d034f64ab6cf523629379b6e06
SHA1dd8a2f2dffb49355411dc5537868424068b97e49
SHA25650d174d9f43630591f56d028d7bec1afb880db357982b509634f4edd965dddc9
SHA512230be93e9533b4c97c539ba325721da93b7521e2c757fdd542c52fcb1c5ea229a8e3683bd7f3ef98bf804d6f996005a20d3949b3cf8c23f9167cf331613ec201
-
Filesize
342B
MD5beea0872c642363ab3f1cd1bcd8497dc
SHA14e30a25fbbf1af7079d9fccdcafbff4e92bd9f07
SHA25601d877dfadab6a1a01af34ea14e9623ebcbaccf7c240758545a912de245987ba
SHA51244417954fe78cb002f8a79bfde53b2202cacbd7a79dba8717110b4b03f4a6cff3456bb7e54e62ed77d78a765a9e024f7e167e0662241427263f91f37e984d333
-
Filesize
242B
MD5b14661dffe636c417bf52ecdb0f99b9c
SHA132e91c8736dd3cecbd4dffe4c2071549a7327dbc
SHA256d29641fbf97343def890ad808b13d1cabf94b0ebc7f4583a69963d5249f2fe3b
SHA51204da4a1155766ca553b7eb76842c239bd259d8fb63ab692ae440d75e967b20e50550ca2ca1f7e0ee595bc20635e114f33070f697c216882824df427809755321
-
Filesize
24KB
MD544752f2479038e04b26e939d8c1a5371
SHA14e27446956f5b60d7aa8018421b6a33f1531d557
SHA2561d46856521e31ce9e4a8a3f44d34b9a29dfe4bf98479ef702dc5629b01366489
SHA512cc2bba08d4e0285512349ef30dd4f26a72f04c733e2a5bb305c6f34d9d6388531e43a2727941286471713102a6c473cb3bee2306d33cddd4ceeeae379cc8404b
-
Filesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
712KB
-
Filesize
432KB
-
Filesize
4KB
-
Filesize
28.5MB
-
Filesize
28.5MB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
4KB