Analysis
-
max time kernel
136s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26-04-2024 06:24
General
-
Target
002dfdbd5961d31a9a83688a63aa55e8_JaffaCakes118.html
-
Size
157KB
-
MD5
002dfdbd5961d31a9a83688a63aa55e8
-
SHA1
c1274a89a611e62407e9829a8e615f0dca0d8562
-
SHA256
3cd2500ce35373fa6acf8f5adf8d057af8889e9316c26cac35300f123295d18b
-
SHA512
f313c4032f48f653e4102341e2475454c7587b42395bb088268db77e4ac2238ac67d270b183cc6a22b511c1a1f77cb6e458bd8327c7110a0465a8d39ecb213e1
-
SSDEEP
1536:ihRTzA9Gl3aOBMbmhVyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:i3zPVyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\002dfdbd5961d31a9a83688a63aa55e8_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:472069 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5676331f1a7c04ff11ab62cc71902245e
SHA14ab167c0c5461656e21c4181f2e891b488c1afcf
SHA256ccb5230bd53dc33658cd16d3a48c0ecdd488c04c95e8a376660723fb5ff69bf6
SHA5126b0ad7063f1afe24e4aa45ed2839037f1615cca2790f8ad96f58f7cbea6e2e63fa057d4c8aaf7ab925c0bfb44b73aa2b3a5d2416a48d611c4077d60982292aec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD50399c94feec80496a4be97ddcbd03b45
SHA18eb801c3ebc345ac89c5e2c4e8062eaadb49c567
SHA25663cd6ee69010d3ed3757cf02cebcc2c2f44b1eb22ce12041b2706376a810597b
SHA512bdf81bdb847f75a509f80541c855a81f82947e0c72783feb7caf40841795101f2eabbfb02ecc069376f8af9f0f4f885d84215d338ca30922342d44b7bf31c56f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5634895bf9c35144078345a08059f2f73
SHA1a24de129780cd227f22f6de66d2af5885d06e505
SHA25664508e5cfc50642defcba78319273d49c44648ae2468def1ea354a476e6ab825
SHA51233ad26807cde8274bea86acbb7003279147a05e94f40e15d26c6be0a0accf3cdb6755b2d8cc3084033f704e27fffa18738c5a89089e3384f9223a740bc684b99
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5598c9d21b0fe477e5fb117dc73d1ad77
SHA111b7cbe8ab84d65ded64dc5fa30d4918fdd4e19b
SHA256792e511259b3935a3e1a8f2277ee6c8fa732b5b23eed6986a44a80ac4cb5cd5a
SHA5128b4ac28e7623256eb7452a28f2ace6699bc6c5d58e5804c775913414719507e5a57f58d31efbaa6b1beb2a75c160197c549ab662ab11a215f67d7f3bf47f3842
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b5f28ddc0b63065704df55815c3cbf61
SHA1886c512484a33c99b4f40909924ceef9f218199e
SHA2569c7d6414f2ed5a3961a0c3ce21eb97dc66c022e38655def5b50ee5c8a91253e9
SHA512cf151727e5a5f351e0aca66800bb96246303952f293cbc874dd04c161759c40b91350af4ee731c654f971ad42f232f1360908aa7c22332693c8d379acb91de36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD514ed819a1021fde6e71091a4b449621b
SHA106d4020cb1fc90f6b6abbb674c483751adfba231
SHA256f9ec64a1f8aa661ab4c67ea9057a4c72507f9a61d88b5e34af29d7add373f22e
SHA5122ecd133abba432b090a9ba14eb565e7f5b84f24221648e5f4b554184d6ca033d93687890740a1e8ddc31e7b7d1251f2a52916e80b444e5cbd8ccefc5090877ad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5359b56073a588bc395a871308509d0c6
SHA14c928cecce8d658cdd64b3b8d40b0827733467bf
SHA256c0ed9e7f4f66741d0841fd73218114f46c5fff5fe142a29d518c8b0522c5bcbe
SHA512cce2701d90cf69920c4819751abcb35b188a4c4f9a23400a8e09ccde0d06cfb33bea0632398432cac97b982743909bfffacb1d94cc21ff677c5b45b60142a457
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD52900b1191be51530aac7cdfa8c758968
SHA1f79934832e4798d22c74e35b01be9c6fbc3a8cc5
SHA256924db615d182cad9adad89451d1fdeec8966089a6b33f88f30b76ad140469a64
SHA5123cd94617116a12e656c44e5c2650f1a70a9d6daedf6e2e52cc445afc6945033c535b3c2d66240ce67f0ec0186e7729acc665f429970615eb59dd62ca1430fbac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b60319ce7d920a9ab48cf58069b158c2
SHA17bb1f1dded3b901cc46056317c5b87e95a48e1b4
SHA256861f89210efd3d8cbc6098886544ad3c30ffc771bb981b049ccdfe94b939c8d2
SHA512a1c2609f7c9bf21a131592a9dedb062228983fe3ecdb8ab6a2cdd4a10abd89bf0643ab5e92596d18f2c221f65fb251a7bff4ba2cece4bcd61ac14c165206d44b
-
C:\Users\Admin\AppData\Local\Temp\TarDCD.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
C:\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
memory/1960-493-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1960-492-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2256-485-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2256-494-0x0000000000230000-0x000000000023F000-memory.dmpFilesize
60KB
-
memory/2256-495-0x00000000002D0000-0x00000000002FE000-memory.dmpFilesize
184KB