Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/03/2024, 21:58

General

  • Target

    1129869014260a87468ea3b0980df403_JaffaCakes118.html

  • Size

    118KB

  • MD5

    1129869014260a87468ea3b0980df403

  • SHA1

    cc22a867c3d117cc082f29f5a66abc690db76203

  • SHA256

    77f9c3882d5cc7a57d63ac7e704aa06e7b4e8cede20cd708dabd89f23a1922b9

  • SHA512

    89cc34d28004ebdff136783ba4a12737d9ea9a992e697959caa85fbe43e93fe9aca9e7de062975d2c985a9bb11eba4509413b17e98d4defd20585007b46ebe57

  • SSDEEP

    1536:StEyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsy:SyyfkMY+BES09JXAnyrZalI+YN

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1129869014260a87468ea3b0980df403_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2620
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:406535 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2652

    Network

          MITRE ATT&CK Enterprise v15

          Downloads
