Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30/03/2024, 11:37

General

  • Target

    3afc00b1291741426063eae9e741edad_JaffaCakes118.html

  • Size

    118KB

  • MD5

    3afc00b1291741426063eae9e741edad

  • SHA1

    4537191a012d7c7ecc4ae509aa676a8c919ce20e

  • SHA256

    b91a9bc1c254bcb285f38a83f8a9e8d503cd8af6deeddea5d023662d60cb6e95

  • SHA512

    28f299c0bc66cb55201319ce2d3ffc6d1fce418db3ebc1e6da4e7fc7ddea708347552c1e490760152e329b3e3450de1185c7929575e5c4bf38c4635145cac3bc

  • SSDEEP

    1536:S3yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsQE:S3yfkMY+BES09JXAnyrZalI+YWH9

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3afc00b1291741426063eae9e741edad_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1668
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1048
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1992
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:406534 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1436

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            92f3b8cf013c159b9de01d43ca450479

            SHA1

            b9308b54ff334e1a8e355f323a8ccdd00f5980ad

            SHA256

            5e24ea530693f68ef56686ccd6567d73b67739654a1d59758176d2d26b6f8ed1

            SHA512

            5b323f150ee8c0940cfc9eb574b078bc8cd13a97f803cc8a627e4a0bff3cce8208e03351ca4164299e792967af120bed020b126fd99e622c7ad54cf2d5e33ea5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            eb0be1025a5aad7543e7e180aa61eaf6

            SHA1

            6fe09c7bfedbc753be73be93a12874f4f7cc386e

            SHA256

            4a8ae3bc72847c99918bc12ec6ff8fba5f9d62873341882eba640e67b414fe43

            SHA512

            6887e1af5c5f170b5db83b78597e5daa14f4bdb61abd07d18e4eccbc484289623030fc8c2c24a13926bb2c42225a151e3e001f2252a10a8a0e4603aff00debc0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3b13eceb52ba5ec28ef8119b291e618b

            SHA1

            26182cf7fa82d8a33d720f5f584f68f3b16834bc

            SHA256

            564b86cd465c50de6d54a79e4ca1480d79ca573fcaf23ef204a58d4e9fd5b9b5

            SHA512

            9b68dada1c4d1cb2b34cbb0ca87f67b267945cb1135a65c84df37bc7fcadbe020f931b78d4b401797c2c51b9c88b34f17fdeff4afefdf995d918768cc301f5ac

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            532d674fd93aa3a17413a9ce3f34e730

            SHA1

            ac8bafe1244a1618d6f00f88b8b7bedbaae3e90a

            SHA256

            c4356257d4f8fd2d3aa6546496d4569ed01c5924f8fb324e6af9c974f77586cf

            SHA512

            d7fd291567bf064285c6d1d5a0847d0013676d43c3cf2f6823804f8ef57f4b8fd2d4e43daea404064d5b62c85538c47d42af2763eb8d82f02ac9b501ba777b10

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            9de4188e5f6377fbdd70415ab2136a70

            SHA1

            915d76afb667f743ed5854dd457112f838940108

            SHA256

            44b4c9f91d96514360638386db4432b60b8b46eeba6db3dc4306c60dd31f8c55

            SHA512

            22b41f0cc23bbbd9b22b7eb4843735b5a70b080ffa8498d617ecb11269b1daba65a522859422c51b0aec1b253270741d5022cdc85607e0e8a05886f5aa4004f1

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            ea2d36157abe1542bd771dffc1f19748

            SHA1

            f451fb9c30c7c57a126ea0de643b16790c4aa1fb

            SHA256

            0d8d245b64e2ded6967281d138e6a06d65ada41252cd21330d7774b027fc2f58

            SHA512

            04593e5ec293a5c5c09d42d92626a0a206c082d1dfb6bca891498cc849820500db3f35c1225cd2e27a4fc8367103e07a38e8901a2115db5820cdb56e8e4c1fc7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            8621bf15eed1e26455a15fdfeaff3d0f

            SHA1

            d7303bbfe08eab8278e63ef9361e32704b9a70f3

            SHA256

            c8b532a2993b09b0fb2280adf0b62522ade867b1da8c1b5df721ecbfec9bc1c3

            SHA512

            95ab43359d6c620138c9a86a94e05f39fb9e28bf7ebfc12ee284d9da0e0337427851ebc460a8c9cbe99473cd856a6c468a4cf48496c154cd8bb26298ef9a2ff2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            016ef149006fd4ff83ae1156654a8b79

            SHA1

            78f96f91003fe02b0d0bb7b53af11177d5e2bc26

            SHA256

            c42b0b0cbd2d4e16243b4a16360bdf636e2cff0811b3a4d1c3fdf38fa010bbdf

            SHA512

            d1ff553c59360cb7e08f04ee2e58f270195ae4d2c4a418de71101427f9f4ac2073d25b2b930cc319cfa33c25c83957c8f2a73a3406e61525d9203f0fac4a698d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            5e9e0e29ca886c96c301a673a5a56af8

            SHA1

            cf72f0eca1919da4fe03788c4d203537018e8403

            SHA256

            0332282db11f3bf95ae4d73cbe073f3363a43370fea602fe35471fdb1ce78459

            SHA512

            9075406a31456c4204a7f191af7e95243b55b159b0cf702ea0885265549341316a3b829ba813fbf16c5b1b3932e32fdc814a5349b56c6b924d171dd38c7bbb0b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            61e4350a00de25f27f990d7f2baf88cc

            SHA1

            17cb5330d38c30e8a8f5c0b43feb4204e4456ccc

            SHA256

            51ff79a266c01b04e93cc42ec113fa75c65a76e5a6acf7c6e9f40235766194fa

            SHA512

            8de0b280e937e84ed80907a7ad28a7eea7659c1ffe3b2e2eda754e0aab27bfef238b17b683d706b6d88df658891957cfd9137131c7be4810e553a3c2c7f2fea6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            8ffde2ef004f116e596ff9b5a7f5d257

            SHA1

            6800477fed9a67d891cb82e81144272c7ffd1385

            SHA256

            0f3151a623b869a3e0cf5c926ee629ac24bc8aa22cf793073f1159c90dd1eee2

            SHA512

            54cbd93aa33583a4a27c878ecaa5c5dda33a8db96aa77ba2c879690a4e501e9df0e900ab6b083f4d7f8eb9193b8799e22e18e9ccd136aa88b5bf2d96639f452a

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            11a49ab6856bf3cd866b06708949d758

            SHA1

            980543285af84a340a333a3509c425c3e4ccdefd

            SHA256

            04c71139d7929aa2918d15467111debd11b6f4e618d93916d16ca0ce2ec74a7e

            SHA512

            6d036920f92080a7e31f7f40f4fbd612f98b0626f9d06f2457b44a4da2a070da4214b59d6f9147c678d918325a5f772524be295c65ac9468874a3a3be5a75b18

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            7ef244ae59a378a667f1efc4c9caba63

            SHA1

            2be55edffa86c96a65289117a500799fd14eef52

            SHA256

            f48dba0a2f5956727840be8e17bd570a531d1c4f1f3d7a4fd595c6e01b74e4b9

            SHA512

            99475ce0afc7cc826e350a8097023372e06c8f47b947db13c761dd6aa4b8015fbd117143bcf4ff74a5691a4bdca596c129c2cd39ab01c3053a8ecaee43f84fcc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            2aba26e383741496ff19628a9ab587a0

            SHA1

            0bf0cac671ff018b802e5ce52ff46d4980bc0cd3

            SHA256

            1080c49fa494dc6bf50821224fe5c30688c0348b31954a70306e4b9c589c787f

            SHA512

            e2dcb1e6f501abe55e2fc074f175e8e11f1f9e3ef3d808a2ec0ef9b46c2ff2ffa0908d26dbc5c9cbf72e81914d9441eb5644c752655b31db0b534ba4e7b65d07

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            edf0e2312024ae8a9a054df46e62e614

            SHA1

            6d143f5a60b2ca52759110257c43f619dc02a348

            SHA256

            6729f470f88cea60aeb8f0a24102cd61eb45e9f5f8ab8cf1c5214a85f374a648

            SHA512

            71d7c3133f3424d9a70b0c8628e85cf8e00761f9604235f0a8b976edb548021da4c40afbb1ac3788629d469b23cebc56d3b8a4dfa9ca73a9a17bb2d861f71fa0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            a2f32aff0091f37de81075a6606011a3

            SHA1

            1004dc588929e587e9d33cf53eade9691eb432cd

            SHA256

            dd08b1e6042ad7c8a4cff3a8f9285894fca87bd0c4be31c2f7c144bae4b6694e

            SHA512

            65cfbb856d6a4d804591e1c62373f501b0908ed200135d66080cf61adaef5747ddcec9b8bb4a3757917001c9c55c584d747c21de96590463f8caee122222b937

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            9389b2f3b98b9086207351cd0bb64858

            SHA1

            dc4a316c291869cb804be30ae85e9b056039b374

            SHA256

            01f2aec0e7bad3dc58146cac385c88762d46256bad5c77b829d55578711b92e5

            SHA512

            7b29d5bc4c2e255d9de7e1608f6f9caef2d58dc6adf6a3e95e601ecc970708078958f0b7bbb8e764a11b9344d1939974087824c918b2103b73d3fcaaf38ea84f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            1ace6d3f3f65270f68c11947ea80d07c

            SHA1

            e1178da74c9a3fa3b1399028f72ec8da2bc1ed0b

            SHA256

            06da01365982fdaa211210413ef9c78ea903e07d67f8186a380d0714139152c0

            SHA512

            79f725c0596170b74ec19b8a6478f72931ef5f5b34d56a6bb95cea394894b574a7072d90c2e69bdbf4f7c36527ee0d247f174c62d82d37b3c813eb76049efef0

          • C:\Users\Admin\AppData\Local\Temp\Cab785E.tmp

            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          • C:\Users\Admin\AppData\Local\Temp\Tar7B90.tmp

            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1048-17-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1048-16-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/1048-19-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB

          • memory/1668-18-0x0000000000240000-0x000000000026E000-memory.dmp

            Filesize

            184KB

          • memory/1668-7-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1668-8-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB