Overview

overview

10

Static

static

7

RippleSpoofer.exe

windows7-x64

9

RippleSpoofer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2024 15:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RippleSpoofer.exe

  • Size

    15.6MB

  • MD5

    76ed914a265f60ff93751afe02cf35a4

  • SHA1

    4f8ea583e5999faaec38be4c66ff4849fcf715c6

  • SHA256

    51bd245f8cb24c624674cd2bebcad4152d83273dab4d1ee7d982e74a0548890b

  • SHA512

    83135f8b040b68cafb896c4624bd66be1ae98857907b9817701d46952d4be9aaf7ad1ab3754995363bb5192fa2c669c26f526cafc6c487b061c2edcceebde6ac

  • SSDEEP

    393216:QAiUmWQEnjaa4cqmAa4ICSSF1a0HPRV8gtFlSiZh5ZlZ:bhnGhMAXSmHXFA+

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\RippleSpoofer.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Qt5NMSgdzU
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    bae8443f7fbb7b5260793ddade4b0c68

    SHA1

    bc8cde63657b0eab558c2152890d37c21c54a787

    SHA256

    3146dfefea47217f4867c3fcbe7c8546a33c12ce2817eaad55befb87ce80bd96

    SHA512

    ba8973081f14d280505e2b3fd1b7a788bafbdea5179b5374e7392ca57dc2eded2b7df0dbb662f2c274b06d549fb15771503cd4b19efe212bb6a4f576a9cf80b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7b861e7b7ab1cd39742f4c06e74978e

    SHA1

    d6bf58f1a5ed606827db44bf8ac05826636ecaca

    SHA256

    fc82aa85e9d876a5051bf5ef401dee6700a5c3c97858114eadf3bad259fe04ec

    SHA512

    3479841f8893a72b331fd42b2a6eb35fb266d344d2ea276b289ac327b7005b63af3ca9e333e7689b49f812b6595ede694aab8825c3c90558b5ba052f446f66ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80f9874a0db9bf62e04c5fe8da581c51

    SHA1

    6ddfcfa56bebb0166790ccf1aafa39732dabd980

    SHA256

    bf2d3ac5294380c46fa400bb3a231cc539b5ae60f5ef989010f7638b7261d746

    SHA512

    b90418a6c27d9d302f3e99765540822c7d4985d108d4a2c6f4ae33af6f368005c37c87aa536847cd48cc9d8e65645a763a235ed8ebc2ca8d5d6696370a73993e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc78274a978782aaad98d0414602fbc7

    SHA1

    3c9e7f7b03183b9ad65c6d8d0e049217e93931ac

    SHA256

    a1c71d1125c65a6e77f27da5173363654c15b38209775ff373ccc5bbc421a245

    SHA512

    3d03faf3a6da2e3534c57e4101601bf003551a6d6bce061873d488007b296bb3e535599e298379edb5601b55e1e1b5120fcbc16228256ace3e91c0fd4ff28b72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e42c81ff276dce218db613d3d2612dd

    SHA1

    9768c19790a8c44fb65b81259747cdbfa32e485f

    SHA256

    c958f8d8f49617f5b29d9bc0d7961757c13422fc32347b1beb5dd664df8260eb

    SHA512

    d03875de65fa89d6b9dd4ca9981f0a0b29b18da5bef734540b4f83dc7fcbd36aa4cb903ad02882c5c0f271c789dc994447d613b42653326366c609798eeabd12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14464f58bddfaff3d48785aa0a1d9cef

    SHA1

    986d8fe608ed5945e41008359d1ffce1e8e74e2f

    SHA256

    67baf228bffd0c3865468a22957f393cff64306847a019ae8078958c372f4afa

    SHA512

    63edfd770cfb89fe15b1ffa36be93ed1c954adf65e06c56028dbfba21b0efec2f169233c67f77146187d58fb2235643ccce771bb9e5a6a9ea0209c92a206d3f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bada5b15729f058b9d3f8bc1fe34ad3

    SHA1

    1a3edb825cfa487613b3c0d50e62739b44d1901f

    SHA256

    4430a629f23bd3cecf284f6d25f62dd2fe9a0213a46d7f2fc2aa1f02a0286135

    SHA512

    267796a831da31ef7cf1d39cde4c927f3a2103acaef30696d273ce6ffa19151e3615cef7b0354405dc1927c8dd693a0ce4371207174311ee0dceb03c33e70292

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c11bc5e7de2eeb4d7c844ade8daa0b6

    SHA1

    b960e5fddc1fa5c631d8cbced326a9c816d75492

    SHA256

    c542a7a402ad5e1ab2e4e918afd66a2b9c195afaa80f934b8414bf05c26ec7a6

    SHA512

    62be6d73962913d82a17f3734c238624e86ae6e95fe6a1108e354210de4805fe4f9f5d42fbf578916f5c67e765eb4d89067da1e6e9c4fede7999eb715e0d0ff5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57888a3df1c7e9ccb3ef646c306b4d74

    SHA1

    27441ddd85bc637622549d7445e8ebcd137614d7

    SHA256

    30e26ad1a7ebd9a1de7f065f48b2e67cce04bebbf856143127813343ad445d61

    SHA512

    f8848980282c16ef764616725bed396008bfcb173452e77ae4c0c9d7b4a82c120019d24d1cb7826408cab47bb6e9d7f40ac16d1bb7407d539f86d004e317cfee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    468659b9e4a0d7e84539901af505513a

    SHA1

    339584875da5adc0466ca51ad83171e260c6161e

    SHA256

    90dfa09c5fe5071c01865b5f18b3ea2c974e0ba573483f36d48dbdbd21423c5f

    SHA512

    93c7389279c6a8b1ff713ec21d5f23cf04783941c4cc78aae6892a85b6180308ba8dfcac66e614469e02bfd62ec5ce485a88901a1defa66805ac5f4b3b10a616

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51de4aff2064e7e10a084768159a3a49

    SHA1

    ac042bc99ff8587cf2fc0bac707112e16c45e64d

    SHA256

    8c9240f07beae58cc962b730ae500c1db0d940f935f7ed0b01ad80d705b41c78

    SHA512

    fc49e3f2936797b9a0f8303b0c803c7aafcb148903c33c43c3041dcba2d49c90885d51bd637242ba5dc7306b773a8d969bf65b92f703a606a96838c2b82f80c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52681c53e593ef55a266eb0a15c65ac2

    SHA1

    531f06cdaa985a1fbb6d0a2d871cca070f3e36eb

    SHA256

    41c9c69165b111c7100ff2e3fc5ad1517d3bbf16c3760cc6787c473a7928dd9e

    SHA512

    62918b44f11afad2e1dedd864fd9775bc40007bda4ae4e759942dd837fe38214a8e8b2f424c1f3313136213243361f9b370df08b21152149b41b807f03f046e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dddd8dcb07a99ab4b6ea4e5a117fe9b6

    SHA1

    48e638499a5031ed482adf61d213105923e2a671

    SHA256

    0853e99aa34b6681d87be88f639e78233027b1fcd42575c963c4f497296cdb95

    SHA512

    0fab8d07473a4fdd70cd7a321ff5a77182972676c65e4d3777ac6bdc36c8e641fb25c5ea318c4e3be7757782ad438022d1efaddc00c567c5925e8af035e68ade

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc6decb72b7597830e76b646fa21fdb7

    SHA1

    e897b7da3e5a6adf67be291f5504bf29565f8c21

    SHA256

    73469eb270e06bffcd52d1b04b3e563089d9c1c6d671fbd13e2dec526a261e4c

    SHA512

    a0f7606e8ea4964bd9c7539c668ff4e1978a46a1b545c219d6b5c0d00c89034aee97152babc89397bcfeda982c4df103d53a0d8cdd3725fdc8d7e7243714b264

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    373ad1db04a8d9320a1a095a24a915d5

    SHA1

    45bdd0344aa35fd0b1be4071b155c8ddc403fdd3

    SHA256

    ae12f640e7646cd566a8457b8d3ffca090eab4f7add95cc760a2e9fe06918695

    SHA512

    35f8efea157f8125529427d5a88defa85eff303bada10fb41819122583175025683f2613dd4c284a28c11200927abb0769f659191b0ac4d7ed507a1832861498

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e8ffbb9fd4fed27fe2abee683e9aa44

    SHA1

    38c8c775f5f5f4bf6c99a20767347dacc7978bc8

    SHA256

    fa3129cba13df1051378d757cce772d382512a230366a0c8d62543eae5126e22

    SHA512

    fa96f7c7007f074520d6f73bb8cb0b7532790dca29a997c434c15af2a0df98f58e6085b924ee57f5de33fd39ca82871136835d302806506d883b015fd756ba91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dd072ef0f6f4018d165fe8ce742b86e

    SHA1

    4fa7c04e946c6bc953c7e5d651b8dc91acb8d198

    SHA256

    97ebba330350a54b03e131334d18c7e193f88d8bfb586c0b8c2156b6e7edb312

    SHA512

    0d383692affbbaded4608b2e29939a107278822bc9a2aa359574ab1f6ccc45fe915311bf7cecce959ba65940383403e815d46fa779c0c661f2da1ccbf36efc3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48a974509d3c4122ac560ec3999bfa88

    SHA1

    36c13cc01f15e47f81fee6da0cc2476d17fe25d8

    SHA256

    440e560c2242b2dc703ec8da5b516acbaf0a274e6307bde7566b53240599ccca

    SHA512

    4b82f38083dbf31da0e0b2380b9e924c8ab2d918135adc20f171651ad3c72b4dacaef6b149a9d804c652ba00cfedddefcdb78192fb8c1d16010ad4b6c6d91ae7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d9a72bff40026d10ffc4f7c605ba35d

    SHA1

    3370202eabf6d274c02729a613e2d26aff9471f9

    SHA256

    8ce8e2736127f4fd8da56893c59e831134fd0dbf81b3062d6e81dcb7e1182ad1

    SHA512

    3332e55521e9169c338b08bc6250d8b958ed0bf7c540d2549bfdd2c04252a48db0e470aaab34d90c749b88a78c1b218cc0582471d5a0c2620374fec8e8c094be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    b1f787287f4ae1f1c2d5c4127cfa38bb

    SHA1

    88357ba468951424d77d57ac06185a7a3f865e77

    SHA256

    974893a79f430f3e20560610f0f9b0b3b11ec051252fd4c3fd581babcf8ab75d

    SHA512

    65436118794be64db59e1687a7ffe6d8db6ccec5fcb464409fb4c96612725cee1238c17738376fac216bdab656232da70ac5e0b13525df0845484026da2c979d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\guoemn1\imagestore.dat
    Filesize

    24KB

    MD5

    71baff0ad638835b8aa4b94b5192574e

    SHA1

    700d4818a60dad7f1219ebe32095a656ea2e5af0

    SHA256

    51bf129b7bb39025b0997d1769794ba0feef56a53e6e25ab121e8ae0605776b0

    SHA512

    686c0685e83fa72533df072deb05fbfd8e2805dffeb949a24edcd6025d9b65094f127b22d138c31c0746f1cd0c30c32b866658225c226e728b8cc7dab8c8c18d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3A53.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3A56.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2728-13-0x000000001D080000-0x000000001D132000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2728-20-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2728-11-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2728-9-0x0000000000310000-0x0000000001F90000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2728-16-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2728-15-0x000007FEFCE43000-0x000007FEFCE44000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2728-14-0x0000000000310000-0x0000000001F90000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2728-0-0x0000000000310000-0x0000000001F90000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2728-1-0x000007FEFCE43000-0x000007FEFCE44000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2728-21-0x0000000000310000-0x0000000001F90000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2728-17-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2728-8-0x0000000000310000-0x0000000001F90000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/2728-7-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2728-3-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2728-4-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2728-5-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2728-2-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2728-12-0x000007FEFCE30000-0x000007FEFCE9C000-memory.dmp

    Filesize

    432KB

    Download