Analysis

  • max time kernel
    121s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/03/2024, 07:19

General

  • Target

    1c061a9e4ff49706f0d61544aa16897b_JaffaCakes118.html

  • Size

    190KB

  • MD5

    1c061a9e4ff49706f0d61544aa16897b

  • SHA1

    23d3b552be590a260a57e6423e4081e744eba13c

  • SHA256

    6bc98cc2bdd3b424de158ff2fade703e828dafecce7ef20b64ac750a585e9968

  • SHA512

    f378d8dd38f21068e229598c418522c2f1d370b14c51d77075d999f58555d86a8441f2de82baee6cb67269f927b1250220d80b6eca3c764973bd410f4a9aa84c

  • SSDEEP

    3072:zNpyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:zNMsMYod+X3oI+Yn86/U9jFiM

Malware Config

Signatures

  • Ramnit

Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1c061a9e4ff49706f0d61544aa16897b_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2348
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1400
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:537606 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1964

Network

MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            ebaf008bc933ae88a90abe527529f9a3

            SHA1

            b941dba2195e9d2029377d663837ca9deb31a434

            SHA256

            e5483633d35152ef8d9ae0f88470e50b972321bb312e70404da318ebd6b72867

            SHA512

            5733eef8698f05f10c07e23c49f1fe9f98288a45ee8dfdf1a5a26808a6bfe056edcf2ef9a281db2b233931e27492a41d6e10d1f0e9c53bf8e1f190db92e25dfb

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            bd9cb03cdcf57c11e27927273812463b

            SHA1

            c121000979e32e867a13344f89c728cc8f3f5938

            SHA256

            e8a9a4c05a26abb7c0e54242a91f68c9e8a0a06d0a622cc2fef5598f14eef632

            SHA512

            a92279d1c81c62a6848385c6cd000486df399f2e1fe938ff1bda4a9e550b38518548925cff547c98f5d3d87e5cb7697ea04668daba0d6003a80483ddf0912058

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            df7a7a3d447352d2316ba6e110dce9aa

            SHA1

            e66af573799c69d8462a3aae44934e5b54f4ccfa

            SHA256

            bb1a4e8f866674dc55f4bbe2e128c460821143abfb3796d517cc9b29b167a21e

            SHA512

            7c1e516808e47034b141273f429874234c1fcd7ac80ecd29e43766827937ebb157d936cb189c24f992e1be5b60d24509773f20c5c94b82c4b7f62572331d58ca

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            d4735f8e8e28835c50b7d059c3832096

            SHA1

            96fe8409448fc69a7d6091e7700e34bbace0f033

            SHA256

            aef5a5e17853136197d15578c209fb21b64bf818bb3060abc041fd6cd4708e86

            SHA512

            2bdd592ce9caab6ca0e49716786ac13f109d6fe66fb37aeebf96f2e53e66f08ed6e4cf6c75211094a9218a6fef6a46b750c6a220cd3f2caf46a2e0087082d638

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            ca53add7eafa4755cdf1990ddc1d9c09

            SHA1

            37b0b2b591c588811c30d5d291fa71f1b3e7d5c1

            SHA256

            92b5cd5279e34332679b7fdc998282532fabb2f9a2a73c8c716f3a3331562949

            SHA512

            2b5aa3e7742ba7d4e49dcf2642a921006fff229a8ddc273a36c6b834d60f21bf3e9b625d58795aad88703e593573f6c3031ddf98a2e2ecc1f4855b5c151b5018

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            db1e52b034d7c4ece27f0f36df503f7e

            SHA1

            5019b93fc51890b1226b069ef8e70c41b72bd5e1

            SHA256

            97dcb298a7be81b29fd6872b15c84bce37917a0118fc37354bd00bf136bc663a

            SHA512

            0949aeaa357043db1531c868c5d02f18126314dd13cad799eb73214ae6787751630866a4710a384099d3470b46ebb337fb0ceb416ff1a74697e06f36b5f232f2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            001a41eec4ec1fe8a6c73eb7dee3ef0a

            SHA1

            390cc136d69ed234ebde7d568742951baf5b1f9e

            SHA256

            ad6c3e086cdc9e3d52d1c1e80ee92815a488aa1e61c670f0981c9f35531845d1

            SHA512

            58596e5bc0ec84f769e3c890bfa49a27007079257c874d5f5f57576718a1a3a86e3b6350499f439899942436c23afbe0f36a0018279a8ead4ce77375f8fa7d62

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            f32d43301ac2e5e727ef38830240c87a

            SHA1

            45402c3ba5e7e32babbb40ddc214b996954356be

            SHA256

            cf5a092c28dd2fe5b0fec49dd7e0c71d41c6223f23168a0dcc4e7519e9bbe55b

            SHA512

            80f7e6dbe4b99f1d2c7fdec40e636a0e7b02d27a0b669903f31758f5ae5f2812a9e3a61fadc2aad5f46b67a1d3172e2fbb84a312f87743f6bac2c70a5cc28550

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            6b949cc5f69f5750ac2870b4732ffc94

            SHA1

            2090a56d529ffde8477e17b6bbd9d9470dae143c

            SHA256

            3c480756e5ece00cdb927f3760da5a971463c241486822cd9f339410f6a4bacc

            SHA512

            8ad21d0d0fe603be4e8620b3be547db5e51bcc48e61c6a03a419e53cb23e2eac6b7f97f60ee9665178fa73348e6f7e4f627367ce9b250fa8f2da178a2c4aa0e8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            acdc00d072c5794ec2129a559031309b

            SHA1

            5214a25b7f49abdc6f6b263811b919322429ca8c

            SHA256

            5bc50dea62e8457aebf9d34831823c21721acdde18d2b156905b2a9a3b51b2d0

            SHA512

            93906c8101f785e3e56537314459f222cbe3e8e0d4531f7e3b2a1343ff7f108f8d115ff33f3a3caf9cee5e775a0cbde4ae399716ef3ae31065bec718d9bfbe90

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            d4c812d0e07ecd278fa3a4a20f532644

            SHA1

            9e12e77d3c094b255003a8b3f1cb577ea28ffb8c

            SHA256

            985a820972c0d65ee3331b2c41cc24d2ac5907765d82a24135f956f7f519abd2

            SHA512

            085b2a967a03fd90670142c89b29aa2e8cb2889f5dd21985005592e1e5f61cfee0d163c127905195541822cf28ef9481934600523705c065ff3c53e23b6ab7b6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            8b5a6f841c435d31952ed6a8724f7118

            SHA1

            6e837f859b88f25fe585ea9e5b78d24f2ae243e1

            SHA256

            0a8be1e2739fcf7e91e2e1cf3dab8ca18a1a2619c673273a0c55e9b50974c9bc

            SHA512

            726e3a4bf4138a1458823040d76566a7da4a574bd9ebce42849d8538bf8bdfbc318f134354190a1fa934e12c3fdf611961080c67baf527860bb40c13a678a650

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            d5c31b957806d2a482bc10b71a615b4c

            SHA1

            2eec55c47af78403a221caa15e98ebeb3db28427

            SHA256

            ea2aba98bd4bcc62b56253ead5f386960d30ff16c01bc58119fd7f8015f5dd36

            SHA512

            2130b69e6d2f8e9818bde6239095838b4e1079411ccc22f135fb408376881d3f9ce2bdf8a37ceef7c75bfaca8dd22ab890c07bc10ff409f54d8aaacbabee404f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            6c3a983df5c16b9d01d36e316743c56c

            SHA1

            d3373448c8e99e78872f25b0a3eb77f32f8afe20

            SHA256

            e030404b5b09aa99e0e77fbd65a57d3eaa79bea5a74fe499585b31e34bac24a1

            SHA512

            25988a0c8fb8a6c02ff6fdc64afbe78847ccc296861690dda6edcdbc2bc5390a64725511e27e02b96fa3fa89acfc476270d943ce8e7e9ccc8d4c0020a2fd4297

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            c0a88db4abbc1c575ff83688957cdc20

            SHA1

            d3d59ec7e7335edf245e9c1aa248dc49770051f8

            SHA256

            7113db256104d52271ae4a0516c5548dce260035aad64d5237c5145e48063aa2

            SHA512

            a9d3dba5434c63259ed0ef444dc4070ea1612f03fbc2b2ca90e58b9ddde03e9b090a449be9dab4b34730fdae4be42e0d92e081bc4ef389342c0ce8f0d20f180d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            24b4d45a433695b65e55fcc5664ffad3

            SHA1

            69859ec6a2578d2109f3c19bf0796569a3b29943

            SHA256

            97044f67e0c7417a455e4a491815abb257f805d6d31c9774829d24fa7c264ae3

            SHA512

            54faf2e47ccb69ab64de4c6207377ca52a6eba996db303160103000a08e82621759ed32aa036b416f8c88d12132f5cf153b96c4f3d56456f6fcd832fd17b9be7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            6230d38a401552f2ab01704a08ded3a4

            SHA1

            997268403eebbccfc75397f0b113a4b37c269e82

            SHA256

            be7d35e2eed4d1d6c745b44c2e8230d34e506b6dbc15d1f9409cce3c84c1127d

            SHA512

            744c94f806c8f4513b7cbdcb75808bcabfcf570e0f1a2d5e55c176c266860f9422e3bf8419ecd0adea2f6ded15bc398e20ccdd184b4b939e172ffd400d73ffb6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            a3881e419d97bacfa1ec5acc77a00dbf

            SHA1

            2a489129c22190a31b85b965c36fbcf7a38de95a

            SHA256

            1a4da7e17e1a639afd9f6fd148b8010e5a24bd00a090e94f06bf31ef06d62f0e

            SHA512

            b3bc9d868f651f5cad7243e7f01f19ae118e33bc38b377b86051b95ebef3bd1eff2c468baa8cad568723c953737f7d94e9ba249d4498b264fb0b543f49b63688

          • C:\Users\Admin\AppData\Local\Temp\Cab5EC6.tmp

            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          • C:\Users\Admin\AppData\Local\Temp\Tar5FD6.tmp

            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            83KB

            MD5

            c5c99988728c550282ae76270b649ea1

            SHA1

            113e8ff0910f393a41d5e63d43ec3653984c63d6

            SHA256

            d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

            SHA512

            66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

          • memory/2348-20-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/2348-17-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/2348-18-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

          • memory/2348-21-0x000000007743F000-0x0000000077440000-memory.dmp

            Filesize

            4KB

          • memory/2672-8-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

          • memory/2672-6-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

          • memory/2672-10-0x00000000003C0000-0x00000000003CF000-memory.dmp

            Filesize

            60KB