Analysis

  • max time kernel
    133s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/03/2024, 05:25

General

  • Target

    349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118.html

  • Size

    475KB

  • MD5

    349d13cf9e252ed7313f079df6ca3d38

  • SHA1

    87a08a05f69294dc3d5bd28bdae8e46f22d098d5

  • SHA256

    eebf96ca44a9e6cad8600fd81ffab13f75606bd6e19b4a6a87b4fe26a319d6fc

  • SHA512

    53f4a3a84df52e0d39b6882d96d43cf518a96c0f4538180a4bc7cbc3ae53bab012e7f621cc4e7ab2a8fc048a2c957a32f64c34e95047bf447aeeb853265fd598

  • SSDEEP

    6144:SCsMYod+X3oI+YCa38eaqUquyHQcHC29+F6HT4ACpYU65aDCl:l5d+X3/fUquNcZ+IT4ppJdg

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects a file protected with ACProtect software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2164
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2892
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2624
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:603141 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2828

          Downloads