Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/03/2024, 22:25

General

  • Target

    2e5b64eab6f3ea2711a18b9372ba8ed0_JaffaCakes118.html

  • Size

    229KB

  • MD5

    2e5b64eab6f3ea2711a18b9372ba8ed0

  • SHA1

    5cab88df69e5a1ccdc0e2350898b985f83028d48

  • SHA256

    e2a220bfe7e4205322153fba59d83623cf637092aed6a7ff051fb2f255095004

  • SHA512

    97b8508fa2ece4f6d33b97b4bafe86cb3569fd3192844a4adb201eefe2d48a1becab4f8f66ca0fa9d4a195d3875ee2584c4a637ce64fff4834e645c5b3afa60b

  • SSDEEP

    3072:Sfzc3cYB4GrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJW:Syz9VxLY7iAVLTBQJlW

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e5b64eab6f3ea2711a18b9372ba8ed0_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:896
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:1576
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:406540 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:668678 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2652

Downloads
