Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
28-04-2024 01:32
General
-
Target
04144a0706b78a632b81b8fe9351e999_JaffaCakes118.html
-
Size
141KB
-
MD5
04144a0706b78a632b81b8fe9351e999
-
SHA1
578afbb87154bc6929864d06c6bdc3dd454d23c6
-
SHA256
f2ad07964c0f8eee199b7c7095bfba1c0a74f17d2061003e32d70f20b1c8bf1b
-
SHA512
d5f5da00f6e2e9f43ce52872f43755432d98b1db50d0b31be664c0beceb59fac561f360249ad95420c7a1188d9c6ae5c75341710efbe934543f2716fe1ba10d8
-
SSDEEP
1536:ScTS0oFKg6pV/gPgvgHg7gm2gmmgTgngbgmNgLgz4N+yLi+rffMxqNisaQx4V5ro:SHFFByfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 30 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\04144a0706b78a632b81b8fe9351e999_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:209940 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD56efa3d574f6363884f6cbac4a3c1fb02
SHA1b3e23dd02ab9f9945d8035856f0fab2e51022ac5
SHA2567b94c3ad3556cb4dd6fa1b2b7c24f60086271e5cf5a635797502fa347e910e54
SHA5123d2bf4e722f69672a9380f858929a5eb11e29074a62b36a0e5e55496974d0865ea9990699dc87ab8cd9bfa1879d8e2a018468c5710c71ce87d64c801028cdd96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c0b0be11063b057507d38ea95bde1f8a
SHA128027009dee500e497bb7e41a9bd1e230dfd1564
SHA2566cd3d6721bfa441a08c9cd60a8c76eb7301186ee17712da2a8e756337235f7e0
SHA512960fb44368dab3788cf2432e1ece6a2e2537935dfe033a19a4c6df08c1aafb237ba03692505758f06e589e24cbf2ab44d7a73a3c30ce296b847aed7fd2f725ef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD597eea3f6940c848fe47cf67b42693b3a
SHA1da9721ef0d849c8bf9c339d9f22ed064345d9988
SHA25691438b77c4ba22acd0dd34a32131c864e4cf0a7e7a8d12e15df5283310485d17
SHA51287fa927b6b79b420145a2af03b1ce25758b1ecba9e9afc7709c14d8247a83ddc40e1c692885848b39bee6e55b5b8c4eb04e01c24d5753a187766ca1f2458c40d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5df0c0a5f97932fd9ebeeeb23c9f7935a
SHA19a168e9422e6480edc669359ac6d5209b4913a2f
SHA256b35d5ed2fee2475d1ffc34440df6d1f1e06f9cafe3e916060c2960afa62a373f
SHA512da2019f783ac5cf63a97c3cafa9eef439c67ca6850f88267638b8aede8bd921e3389b7ccc92ccf00ec68b8b069e039d80332d91709ea214aa09dae9af1ca88f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD50fc48f6373bd685a626e9d82c686d303
SHA15879684c7858220e58bd805ca34b05587a46b2d4
SHA2568ce1521d451efc7a6585f40c574f8624487205f1d676c9072a0269e8fe86f4db
SHA5125db8daa1f596817340e826f43bc80aad33be45553fe4b5f952a18ce8fe7f0e6537c5378c87300d1b38ba60f4038ee8acd70d690da4727f54256dffb459e5d4ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD54ad2f5cae74b8d6c9b185b10310f4a33
SHA1cbe7153acbdc4fb4b72e04c2f1e7ac544d98a9d8
SHA256404a3333e5ecda2042797f8576cbe08112cc0e7daa534575aa4b6b2a4a17e36d
SHA512b593f2f8fd3c92b0924f3762764e30167bce78e205748cc682fd549c31cbcffbcf448f10434a91cbfea3871ab0fe82dfb1b8a78447fc6277dda99dbbe36261a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD556aa7bdb6e9f6a8bd3239207c6b28842
SHA1e87cf9eb8a96a2ff6b52a3e2909dd1ee6f37bd77
SHA2562d1edbdf7cdadfecd2634eb597dd618fe84f915d5c7d0c2f088e432c70833c58
SHA512973515207833142d3e216c420fd4f3435abe86e7194a45c68fc081297c4716d9404a667890c2ed5df9963a258595c4815f43207395cd5ed2371250cff7415847
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58c309334514b5d371fe3cb475174b3ec
SHA131d6c5120abea6a1fbc240dc1d7ccbad01248d9e
SHA2567a01da24f0a5dd7729411194bd8bed635883bcc98abaa81a76dfb2f22d3d1175
SHA512f3289b8e6445ee46fba15e7cae34bf7dab5231588b5e6a5e9babfdc82ac834f44bb61dca657408d1a82d469f8937fab85028185bf3c78e74879d7ca434e533b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b5e2178893dae2ea67749f31f4dc25f2
SHA155b9c1b7e032074c15d424c4c2eb5bdcbad2833a
SHA256b7114b0a2cbb20c49c8aba58bd3ca12c80bc57f5bcde5a79334cc6369b8a36e7
SHA5122060c7891b775a37eeb2fd2115d1596cda4013960fd21fd469be7f9fa1f130be3f668bea8632a45b153fdbdea64099ef265898b2a951bcb48dcdfdf35661df2c
-
C:\Users\Admin\AppData\Local\Temp\CabB39.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\TarC0B.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
memory/2188-481-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2188-482-0x0000000000230000-0x000000000023F000-memory.dmpFilesize
60KB
-
memory/2584-490-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2584-492-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB