Overview

overview

10

Static

static

7

RippleSpoofer.exe

windows7-x64

9

RippleSpoofer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RippleSpoofer.exe

  • Size

    15.6MB

  • MD5

    76ed914a265f60ff93751afe02cf35a4

  • SHA1

    4f8ea583e5999faaec38be4c66ff4849fcf715c6

  • SHA256

    51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

  • SHA512

    83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac

  • SSDEEP

    393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:852 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    0fa582fa66e9fea6cbb5205331d09e66

    SHA1

    5a53a5707b601819642a8f351ee07fae872a99ae

    SHA256

    76c031f3784312470c6dc51ee7a578d4848f15205aa094a3e4cd40679fce2229

    SHA512

    d216f348563b808106c92aee8004612342109fa416b29099e2f8ed55b02941ab7f4f841fb5ea8bcd9bf6920c5f1f82424e81ded613e4b86abb7ae9021a6124c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26ca789cb1441e29ff90a1bd52c1e03f

    SHA1

    085e669b2de9750ef92987635b179ae0e1903046

    SHA256

    40a07034e557b6a26c5fbd4574d65d47acff391f15d2ad9eef3ece21f24c7bab

    SHA512

    bfc82a77b4ed10c1ff102eb204a98516222b3b12f6375277b6331de5529c581d55f19a29c60272637a9a62b5c02c1f4ba6d1a3ba25347b73ba44f7d0a90f2674

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a7bf3ba02785ff7a69f51f41faea6a8

    SHA1

    36a6d7cf20ea05ebe5526421e01662247774b8da

    SHA256

    6c67312771c1c6712374bc236958519163d6d9ea285db32cea2fb38f9c7c2ce0

    SHA512

    d26c95a55bddcf2f877f73ee6ca6f49d617ecc1933c41f9432a292bf2dd45f1a942f91a8e51ea436014f87ea96b135638e932ef52a4280971712eaae0262bd75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f609df317b5633333589e29c8a7389ea

    SHA1

    b780f27b3decf446ebdd3a5b2176998ad513f102

    SHA256

    648013cfb4d6904f523eea3b5650f96698f9b01459d97698a88454ab2b5fc309

    SHA512

    bf774955cc5ec156d9c072059ab8eba69e7c32bb2edcc54609a6ad8b08a528f875bbffb64ec1a936e15cad639677469709aaea0aaf6443171f0b31bd2321d88a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10a8d377f12dc8ef11d683e40a0e33e9

    SHA1

    a836495c2a3404f20e2d5823edc3ae9c032e300d

    SHA256

    b54d0d31a74c0482cc1cec85ae671fa43493c8fbe5ac401153672ce185eb416f

    SHA512

    f49c3b2f9b9c84a1629c0c84685387cef72fd97baf75803d641ad711d56dd62cf9fd97780d2ddc17e8f7c2e0707c53d9e9f5294885abb5e39897645f8aeb30fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bc6cf5c8348889e53e70416e3db7cf9

    SHA1

    36bd1cc748acd5c086c8241adb76d83c6f50b70e

    SHA256

    3a95cde92738d079eb9fd80e5cd86dab53ce5f73c959baa9ae56f56969e4c048

    SHA512

    dd3b9574fbdabd72383c00ac5732a995d2d92fe228f0564eec071920136daeb0050ee25a5270ce3259a36d07cc2cdc35cb98c114d55bd4d8c02f97bcbc7a662e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a574ebcae0952613eb8775baab072ac

    SHA1

    9ba44d06884189b2c7ce4502e396c1ed05d47fe9

    SHA256

    e0413b0a23ee11c2ee1eabe352883e83e1e23b245f2cbd00db61b3a80ef00d81

    SHA512

    b0e11ee16b507bfafcf2cd7fb614cfef474b61ff20452158a3caaf6c25438538392a53cdd5e982b82e600c989dd5b49dea3a0217f0aff21b6944b0af0f43afdb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef013514b2e5c34bd8bc3afb2a4183e8

    SHA1

    0d02cea53c6e9b97d418fa302c669c8a60b7b344

    SHA256

    3cf04394f6635691bab08eca5d813e0bef8f24f2e6aa5cc6875033bcfc1d5c99

    SHA512

    3bbdef64adb40f9f70c3a25ff28428c0afded01e948395d5696756f51fb3e0287a72e5b61102129ad0f9f547ef49871857a414cbc175a261a10a6476ca56d873

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86df3f41192b72f51d2c69b4969dae04

    SHA1

    a1abd1c46b0246fa88d4aafdcbf75016943ab1bd

    SHA256

    caa5d7267fd843936a46cfd273a1f15b7e4a9d931e38ee77dd16b0f182de0444

    SHA512

    f9e9f270f93bd95a7e87c127a919166e64d7bee15ac270166124261f716b9366c8ee4e40ea7ba24b78e88d461242476e8a5ca2e50deced498f55572e3aea7c9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2e23ea259bc3d1ea4c3b12f8cfcb939

    SHA1

    472211e840ea6d046009eafe89a3107441b3bb9f

    SHA256

    0ee53ea4d657129712842bf5b2098e21778bb8e08039dfc5b4b7c182dc4e67f7

    SHA512

    f1564d80ca67067923e9380d914e68c19639b51f78954dfd9cbcf0771bbc00f464d3a4ca154ae260aeabb34135da362dc3488c89373cc4f1fa3d62af7e357cfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e8dc6c6d74acaae5b27195282d41dd3

    SHA1

    8a83e545c5ae8276aa7bfaf6a85438dfbc953c1f

    SHA256

    6fc7211b6adb5bb4362f7f98d02ccac9cdb061fa13156c59e63d443ce69c17ae

    SHA512

    b03022462c764f59b0393e68d23200c55bc30c02aaed151f65a11287a06f7c4267c3970865ef82e65a7f48df59a8d65123e76c801af8b6d35686d2936c8ff2ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd01bc2adbd43ae5acd70a3d187f3285

    SHA1

    5b3a456e354fa904a9d25e9a93a92ef3c417b3fe

    SHA256

    0380728bebcecc22c877fbf49429e679343454167810836724c98800ec8c2e1b

    SHA512

    17f380bcf0ced7145bb8224bb0e09192010946654375dd94ac8a17b6271ea4a063720b0a5adcb6385d09f0e83591ca521473e0d1f18aa11ddeb8720e7821a719

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0be28d37efad06de7a8b132d5240898b

    SHA1

    2ddd7411ab27c0506fb9ef59f8a93c6ba5eefa84

    SHA256

    cd43fc38e85f98c45da73ccbe426225e7b599aba447bdf3c9bed01cc496ab9d7

    SHA512

    6c3612855db45d5998bdc1416131612adcc4e5bb1c819391cc58bf964682e15711d1a0d9a17283ea6d95f900924e8c9053ebb1e812fed9ed65c9440584a1ee48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80e0cddefb6bd67d26aff1d63f87db65

    SHA1

    03100c8625649c6083b6567bb90be90bb2d94906

    SHA256

    2b3657c8dc3cdb46cf87eca2d12f16d5d9fe6a5379c81af7207a3fc91875427d

    SHA512

    3d9779e76f55eb4c5fbbf67678c7b0acde5801f60cb65ebb5c9617742a7aed907929f2b20a5f47ead2347fce7ff215584397dc5691194d49319508dbfa018b2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e1397a642830913382ee7334dad454f

    SHA1

    06f630818ddf1c20c84bee96db85d3b6ef4948f0

    SHA256

    75076eabe24aaf2df3e46ab2eab4acc882c9c356eaba00bc5a240d6a0f6c1c80

    SHA512

    4cbd132e84f4e20b632face1d0f3199bdd4ed641c458988e9f35ef73c99458eb2da054d1b6fb11530c326917c74d0ed998eba9db549eb156995e1e8a97b557e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ee738650584473c1d97bbf1627c28b5

    SHA1

    f62f51a8ed35ffdb6269b5f166403a79e275eda5

    SHA256

    52292cad6bb708c22bda9f5dda5c5059bb0c605bda75746e2216e624bf00cbc8

    SHA512

    6d4951f6ceebad94b2af76473e0c328ae253dc90d42846e3df53703413ca88253f8969c480864a94ea8f817db852436cf7714e84c73fd8ad29cc1818a55986da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97500816012a2d9aae6208a4f940cfd4

    SHA1

    dda4927ebd3828b8710456878b1b10b4e1d5db84

    SHA256

    6027e89021863b6cddae88e9cdbdca3adfeac44a72b0f90c4c6900eca1fb8250

    SHA512

    181d2845a73c5688f09352d455ad8cbb59743821839f93791c5484f29021596d2a51062f28f28d9d5c21baad2c453bfa0f02b647db980a88a687f558480ad2b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    aa7abfb1f4fe4e3a62cedb4297750da3

    SHA1

    33ac68def9d96757095ca310a0b0af2b97c7374b

    SHA256

    7d2650ef5dc2d7af9d1db2d6302014a42cd90af31f61234edec0975be91b3345

    SHA512

    19063725c85e3cb79252614078ce35ef4f21d08e2caacb12fb72a8c78b0ed8281cef83a02af5f754229f67253f90975470f9e4024f9a056f9b2380ff77773547

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z8d0nzh\imagestore.dat
    Filesize

    24KB

    MD5

    0b61e975bf378560b1f89f5d0d4f4a44

    SHA1

    7d254b61dfd97aa08fb2fd71cff1f4e1d012d967

    SHA256

    46da3615248cbb960bd056e95a68d22653646e2cfa98f9c16abf57137a0cd138

    SHA512

    c32b3d65954bacc6fd24959055cecd065c974aa2473a1349cf9667e0f405ebab24fe11d12dccc81ec340b7176e69c301d42d70e26489fe5759a84a94a9cc9858

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GWW47WY\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7FAC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7FAF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2744-11-0x00000000008E0000-0x0000000002560000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2744-17-0x00000000008E0000-0x0000000002560000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2744-15-0x000007FEFCF70000-0x000007FEFCFDC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2744-14-0x000007FEFCF70000-0x000007FEFCFDC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2744-12-0x000007FEFCF70000-0x000007FEFCFDC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2744-3-0x000007FEFCF70000-0x000007FEFCFDC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2744-10-0x000000001D990000-0x000000001DA42000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2744-9-0x000007FEFCF70000-0x000007FEFCFDC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2744-8-0x0000000000560000-0x0000000000561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-6-0x00000000008E0000-0x0000000002560000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2744-5-0x00000000008E0000-0x0000000002560000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2744-0-0x00000000008E0000-0x0000000002560000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2744-1-0x000007FEFCF83000-0x000007FEFCF84000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2744-2-0x000007FEFCF70000-0x000007FEFCFDC000-memory.dmp

    Filesize

    432KB

    Download