Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64  arch:x86  image:win7-20240221-en  locale:en-us  os:windows7-x64  system
  • submitted
    26-04-2024 14:30

General

  • Target

    00fab9193211b5b71801421ec420eb12_JaffaCakes118.html

  • Size

    156KB

  • MD5

    00fab9193211b5b71801421ec420eb12

  • SHA1

    b2067c8e1cc1ae209bb93e2a1f0088e1940dd674

  • SHA256

    1d6154759a0f31427e3ba4eec48eb65a09f45fb9c4abc0d2a80faac80c8003ba

  • SHA512

    a4192afe2781a5b7503bd3b5e609e6781e8c9b1f6cad5113fd9fd622847c1d64317d36ea51609be742d5e35fdb5d843ff30b351554f84d8ac3bc0b749130c2e2

  • SSDEEP

    1536:i3RTgX9pXnDSpyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:iZwDSpyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
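
The UPX signature fired four times in this run; the report does not say on which files. The script below is an added example of how such a check works, written for this page and not the sandbox's own signature logic. It parses only the DOS/COFF headers and the section table and looks for three classic indicators: section names beginning with "UPX", the "UPX!" pack-header marker, and a first section with no raw data but a large virtual size (the packer's unpack target, which is what a "modified UPX" build with renamed sections still leaves behind). The `build_sample_pe` helper constructs a minimal, non-runnable PE skeleton so the checks can be exercised offline; its names and the indicator labels are the example's own.

```python
"""Section-table heuristics for UPX-style packing (added example, not the sandbox's rule)."""
import struct


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] or [] if the headers are malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    if len(data) < coff + 20:
        return []
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section headers follow the optional header
    out = []
    for i in range(nsec):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                            # truncated table: keep what we have
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        out.append((name, vsize, rawsize))
    return out


def upx_indicators(data: bytes):
    """Names of the UPX indicators present, in a fixed order (empty list = nothing found)."""
    secs = pe_sections(data)
    hits = []
    # Stock UPX names its sections UPX0/UPX1; a modified build usually renames them.
    if any(name.upper().startswith("UPX") for name, _, _ in secs):
        hits.append("section-name")
    # The pack header carries a literal "UPX!" magic unless it has been patched out.
    if b"UPX!" in data:
        hits.append("upx!-marker")
    # The first section is the unpack target: large virtual size, zero bytes on disk.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        hits.append("empty-first-section")
    return hits


def build_sample_pe(section_specs, trailer: bytes = b"") -> bytes:
    """Construct a minimal PE skeleton (not runnable) for testing: DOS header with
    e_lfanew, PE signature, COFF header with a zero-length optional header, then one
    40-byte section header per (name, virtual_size, raw_size) spec, then `trailer`."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    vsize, 0x1000 * (i + 1), rawsize, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rawsize) in enumerate(section_specs)
    )
    return bytes(dos) + b"PE\0\0" + coff + table + trailer


if __name__ == "__main__":
    # Constructed sample shaped like a stock UPX output.
    packed = build_sample_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7800), (".rsrc", 0x1000, 0x800)],
                             trailer=b"UPX!")
    print(upx_indicators(packed))
```

Treat these as triage hints rather than proof: a zero-raw-size first section also appears in some legitimately linked binaries (an uninitialised-data section placed first), and both the section names and the "UPX!" marker are trivially patched out. Pair them with section entropy and with the dynamic evidence the report already gives (the dropped-EXE execution and memory-dump IoCs).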

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\00fab9193211b5b71801421ec420eb12_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1884
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1428
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1708
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:1061898 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3008

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      32944e13bfaeb391e2473a54f9691748

      SHA1

      2a53140484a651f5886385f8bab9fa0fbdf4efac

      SHA256

      616609afc3c7289cbf1f4c890f6164f27fb0e5add80b71f60209e908f806b886

      SHA512

      4ee93522f3d604677eababde4e5a5e2649ef9b5f41b6b95b4986679beddf54a596564f24ebbb7d6d6b547a66aa9e4772725cd8f6e689b64779f8581dd244eb53

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      c0283821c0efa2aad9d45970bb96da2d

      SHA1

      7cf29800029d20a5deab23e81fff85ae054d34a4

      SHA256

      15b7fe515c4a62dc379e8137fb3dd0d100a205069fbf9c2b4b48e0c6be37b8ac

      SHA512

      1572390f0e7ee55625ef4f1d2e87c120f73c05969453f973aa0214a480e5e64d2a8638f8fed1c11ec6220a97c68bf935ad9b425c9a42c7ef9e56d325f6bb1f8f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      ae6dbfdb0f536eabab592c6283dada87

      SHA1

      18b175fab758d5f14e7f647f11964e8895e0af3d

      SHA256

      97f28df034378a17e63e065934adc75144a1ed0ed0e84cd505a9b4c39934243e

      SHA512

      acd250e67cde5c700a8725a282b9633c0b1f073f4649202bcc13d03229758cc67456c67f4676f0c82ec4a0a7578077ae314329089ac481772d3b7b89a6c50340

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      54a2259b689ac9592c04edb564ba58ec

      SHA1

      75f077fefee99ddcfa45480f817e57908c77981a

      SHA256

      eae52cfe046c04defa456c3fd3c7aa603dcab26d48d1015d27d066ae04cbf5da

      SHA512

      c7f5a69f5e14f46b1cfec1c0544e1e45ad71d4c25466dec04e2430dd90ee8ade28646455700fa7f7edcc813ee4ef891fd9d6442f4c42c48072f8e41472f32156

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      29389e2aca5075255926fc98c7e32268

      SHA1

      3538d413dba3f7f3c8d898b142b9151ce158817f

      SHA256

      848f6d0d12c6854c275be9645ef39cd50b7bc2c2fbd03b2929daebb56ad64352

      SHA512

      b4b8deb80ac7e9d0ab986496c6a6a51cd4bcf004b6d6f5e333431c8b2d6d4c9933bfbe98d78be02e5d6dc4b783c413085cfeb5c657d8047eae105a8bd8f2507e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      9704f7342fb8716721eae63f621d0422

      SHA1

      9f0bd42708ad7d5c462881c8c8b0e997dd5ed9fd

      SHA256

      99af374b3bfbd168b91cd74ad41f34bfd549c7746eb0b6e8ada3b1acb5820a7f

      SHA512

      703328ed4aef744c881fbc4f31fac068d9fb4f2dddbfaceb2f53f12ee33403e841bc083f1dcc0e690fc846de1785c937f6933f1593f9c490ab13802170be3c89

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      c8852063a1df460daf607f761a8108ae

      SHA1

      6eef035dd64f6fb4284cbec829f1a2aead19aae0

      SHA256

      fc96591ac3f1debe0fad25cd4af217616ad0760f0805e7cde415e59f47788604

      SHA512

      805b73a5a4cf766faca251daacdfeb935cf9d55eecafeebc4c31790518277ef2c619d722475334c834259f078e9a6b794710084f5e866708dcae3c4449fa1dac

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      8bfbf539a43a3ea79b7d185abb0bb34a

      SHA1

      de8bcbc09e4a8f105dc341d12d4515f1090e91b8

      SHA256

      edcdd69b0038e1acc58438318eec5e68427f9622893409fdc8d03d7af78dd04a

      SHA512

      18dcda1f0a58844d3f3109955a8e3e64b2bc4ff8aded07a9c091c819e8c5f61b417dcbbc829802eeb583110471242bec633e584f8f171aabe27852d21ee4cfe1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      20bb1b501c72c5ff85a901b730a5ab4a

      SHA1

      ae8b185c021d832c341622f178db87bf3b7f086b

      SHA256

      1b1fe2f4a30cf803413b4b50aec831ac144441883f4e7b5e707f3fbff8766afb

      SHA512

      bd2318192aa310dfc24ee58c5ac4dd0b0885080c911b1b05de073ad1535a8202e2df08ba3f3ec3e6fb38d3619091cf80b93b28d61999acf8da1e7d58803addfe

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      2db9e5b076f6a77e8330dac5a36654e7

      SHA1

      f0020ab2407cb6372b094dc11b037c744889de16

      SHA256

      51ad3d1dad3b3632bf24da2df056b1028fc74b72bd004993ee08571aa25cb498

      SHA512

      b9af5865f2b76991d53469a3c2080a766cbede0b00f57b79c128d74ce1f2f73da7f055bc1e3dcfcfa3b5e729e0e458729477f18b0bb3a2e3de1edf838347b89a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      cbc8f2ab3003c548fd4052c567007cb7

      SHA1

      d860b645cf4edcbc85d2d2944fbb438f3733815f

      SHA256

      39b087815b91a449b7c7eb135497e4169a1f43806b6addbd2e558d132b369e33

      SHA512

      d0e5b23fc5db1d4c0e380a107bad17c1ea208a6ee28775c67e421a40f9d7e24f443535dc6606f3c6586f9f12367b527bc3c88b8cee6e11b1f5f8f43001fbff7a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      7df157e500f9a2a2451c6afa579bbcfe

      SHA1

      9c072db9be6feee06a9801aaa59cee9becf872d9

      SHA256

      1cbe8b0a669dcb77e42b46257cd5069b92f427d457f297f2c1620635e07d6704

      SHA512

      7349051be7ee39359f5e05818403672d56d56790181e1066cd23b79ce8212090f2d8a97b26932ab945a5fe1b34ff492849baf490f00155c1a2b36da6ae234b51

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      2adf8071203f5cc7f7daec47700a24ea

      SHA1

      5349ece477468bd353bea7cf042d03578838333c

      SHA256

      a7f5fd09fa1f96e749fd5b30c25e4a92b578fd8893ebc1be9687aa20d992956a

      SHA512

      b920a54275e07e30d06f83a72ff43adaad4699d012cbf07ba8c526ac0791627a916c2a45ee2e46c97fc994f3d8ff80f7fe322c7753487da561c85b30b571abf9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      5ed22eb190e9ff154ab1c8f8cfe12c0c

      SHA1

      a738550f539139174861840a12a1012839a141c4

      SHA256

      573411391a6cc0f86b6843271a67914dbe3b4beab7ea017a08986fa471c5525b

      SHA512

      05fdd7781c1a19d340e7bcf2d05d90a404d384b038a31dcfbeca425ab5a648a254226e21026cd9a82be0cb3fa02ea193224baf3c7e9836ce3d8412adb538a996

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      aec006c43a713fb25988b6575b1ad179

      SHA1

      0c8ec2126322dfd0e13047ea835e36195b87dcc2

      SHA256

      d23539d0c946e8958acdfaddff147371c20b15e817f0c06e5bdc915e3eda179f

      SHA512

      e3ee67c16d0ca97378a52a0c8cdf651fb5920f382fdf32b833aa344a714a7f093e59cb88fdc1abdbce14b35791fb7df25d4a5991c7b188137dbc2a24e9bcf8e7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      7b26a993fed853f819304eca838f7d33

      SHA1

      2aa65158bd50ab0283619d891338fa37daa8cc93

      SHA256

      aa8f74512447c56e14eb54f490111b7d4af2dcbd8488daed6df2b3de4675ce61

      SHA512

      0b49a1f0a2eda3ab05dca5b7dd80d8d6898db63c4659e6097ac7283ee8f0a845d5ccafe6af651ce87596349e507da7b53b5a5ef061f00402e43c0dcc212f6940

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      7cb259007f4bb8fa017095ae83d0334b

      SHA1

      79fe35831feaf058819b7f31185183bf0e15be22

      SHA256

      b1ded6f92b47d92ca44422960e9b2ea8d880e3d00803d4bc4209e8a9f33c6c8a

      SHA512

      29dcebd10efc41d95620ee184a1dd45ac001d48a745cb2214e240d45b897fbdc8ef527fce053258cc72f95fbb249343ec7f10303f979adb9784e6f8ac6bb0541

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      ffdbbd5174bc1b56b1c983b2aab5ea26

      SHA1

      8d262e317e7176cd1ff70cba06ef38d0a8de25f0

      SHA256

      bcb1da474c510495f2ae3dc603e0dcfaced8487fa09d63c3c0944395b73052bb

      SHA512

      a3d5bc401008fa8399accd424aaa8192b5ce9ab30d8b8eec058503a09d934cad83343d72f65ee542a033a177fa5080ea0f10afa000f4381e16abd7c9d1737833

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      37d3c07cebbf3d65d2d32300090b5c96

      SHA1

      255943ad3adf32953d32381ea778a5eac24980e9

      SHA256

      ff7ce73d3b5d8b09868705e92263faaa3c73ca41f2278174bcb6190715521c14

      SHA512

      68520db98021677b76ce67be80e9734e839666fa24f6b6cdb750149936230005178760a9e37402e4c34a889b71dc2d8165761e8bff1f05930f3a364deceb7a9d

    • C:\Users\Admin\AppData\Local\Temp\Cab1383.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar1464.tmp

      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1428-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1428-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1428-494-0x000000007766F000-0x0000000077670000-memory.dmp

      Filesize

      4KB

    • memory/1428-492-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1428-490-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/1884-481-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1884-482-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB