Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28-04-2024 04:35
General
-
Target
04629db1cd4a11aa00c8ada604598e86_JaffaCakes118.html
-
Size
146KB
-
MD5
04629db1cd4a11aa00c8ada604598e86
-
SHA1
5728cdb660170ab3ec7eff85a87459900b6c524f
-
SHA256
7e57f282fd7fecf56920f966b5e8c5d88a487c25a726c438cb4c1e61d03e1024
-
SHA512
881b4c6f6ab38a184e80e08c5ef454fe9159f542c8b0b48642ae73a7a6cc415ced4db0dd52e900e1c2e64dd308e41cbde55ed7a0214a811713fdcc2077b5993f
-
SSDEEP
1536:xju63vdyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9w:xu6VyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\04629db1cd4a11aa00c8ada604598e86_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:209932 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f71f264e1b6939e993f30d83e6f5abef
SHA1bbfbac5f23f6b0b2ef7f6ab1ce699d22f593a2e0
SHA256beecdeaba872a11efb72169c7d90eab6e2d24b67404375dc72d9ad2d1ebe9de0
SHA5123af97d40e608d3a0da75485e1b5505f7fb03d14d9851f5723bbd5fcea70e6ee0816b58226d09fc71f2da8ba058f9f76096a7c33d9a810de9fa5b4706ef39aaa8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c5ae689fd26c5e51cb09803dab81d5f9
SHA160dbed0956139ff206e2e2d5b4c0fdac5b3ea06d
SHA2566608b48b55d42c1e7ee16a945482c64d694795a779374ae84b6cf229fe69465d
SHA512c3281aab098bb10642d90683586087b79790e3bac1fb2bdcd66648d1c7e1b32084f6e2a9be4234888cc2733b140fc857beddb6eeb181b824591deeb33585ae95
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58aceb566c4de846bfe7ae4fce9bd89ce
SHA1fb533e0e6166b58ba2e12b0d3a8879186a765393
SHA2568c3c3efd12ae45142357811c636fcafc85d15de0b15862b84e9b813df8e74bd2
SHA512ff772680bc7372614cf99222aea402f678f09488ea239bd9ec7b0ae50de21bd6aec3fd0c0c57438750bc158892aae7b963042819cc02846915a6211edd4ea965
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5698f329b4ecec96a89e5b0594fd4f84a
SHA109385b07865e6535103a3f82d18e4b30dee89042
SHA256085a22fb6fa8cf88704466ebf085413751753d870672ed965e9a8414376eec00
SHA512a86b6ceba70cb6a70b80ff94e5985dfddbf6b543ebeee38be3afc5ed46aa1b6bb6558341c3b7aed0cb83b07160936b04e9b6660958c1319eed2a3ecc67aaec3c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD576659f251b002ac40aeb5106af00723f
SHA1b83126a5fc7f6695b7d5f99b70b7cc4b8b5bbbf8
SHA2568c86ad40cfdc4cd6aa09fa5c7af727690d2e47314e84d6a775cecca9458107e0
SHA5124a06fa354325695ffb92c211ed322e15c66ba167bc7be2a512a3288cd30d7dd8baae36d2493f18bb88992d043540a5f7699ab4c0b814f20dec596d7f88e88383
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD553e646a2bdb99d87ed4675472e61b2fe
SHA1b2c11831690fde1afea9b7a6c67533594d5ef93d
SHA256290e811485e0efc8d8579ddff98d52343f8d44028b2a78f00c9f83fc8c684063
SHA5120d937f85fe38f58dad97346e8927afe842a643453dd4430382a4ec17aa0509c9480600752a3ba4f3c5ffdcc6bfd6f4cb1b06ac4849b8ca9fcf96d7d7a4648a40
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ab95d15707c74db8a6e1bf0e937a8968
SHA1d8594e431828ebd9b668261cc062bc919fa60601
SHA256bdeb0e1994e7a7aeafd63a6e6e9aab379e981217c88e97552aa9d221d9f4d2db
SHA512b06906bc63af78c07adce903ecc6539603b2f14572f2476a15bbf5fc61ad879deecf75fa2aaab65476a395c0f6be3b529b97b50127e6fcb6ac30b8298c8adc9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ce5554dcfd1f8b09c1b7693a40dc6684
SHA1ebf343f16b22db0a27a3ef3542a1547213b65af3
SHA2567754ac5477880e8424186ce5f52d59915536780985cf3c91ae24f5d8093c7b41
SHA512a6d2c37f1be7faf84f6690fa7b7797eebd2f805f82a19aea9311e4d1e8979053e66dbe7b6f0fa848fa9d1c9fa46e299c1279396f3a0f9e33311658a53dd9742b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f6b60db46e9407f8cf8c546ced9c5f08
SHA194ba66c709e30cc23340c07aac85bdf70ac712be
SHA256a19606b0a36d79f74f55b28d35b221bd22b6ac380ae4392ed5f7ca35c197215a
SHA5123d6869286181476c807f292b0481d715f713d8fc5350743fa1062c24882e48a40cf9f1e17fe5e12722098de6c2870d8bef1afa31b1164941097c39b2859759c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f5e779331c4d9391f200cf8f7b6fa5f3
SHA131c2b763cd1e91aed0b1f694b571ae2a5b9b6af7
SHA256c49f7576ec94cd0d2f4767f9ccd2309efa7734d9b4ecc9c98341309ae24c405e
SHA512199d2c71f8fe5c0e3fa6602fe1fdb687c8f856921a73f4d1c6bdeb7a5d63df43f3a58f8c83c372efaff11af57d11e94a8a9ec9569e3901a0bf4beb8086ba1ddf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5435c99808a3dfb2457bb300e64bcb95f
SHA18f200baa8657c91df7fb6a35f3e2b24740548e72
SHA256a4cd620d97bae5e66ba0cc552972228e196da7f73dfa9230120a16b29c1b1237
SHA5121edf11da062f37b121e429a3b2b61fc54d8a882c7fe5007fd9fc60ed02820a10d24f0afff5b0f9308ef2618db9303d2f9073dda0ac4b221df8da8ad1b3f897bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD585f3494e398dac854a8551cefd4abe4d
SHA1313d074feedc6e8acb1a31e1326ecd849abf7d34
SHA256c3b748a1aa3f48817f8c99ebf2412d5949a6ff0e5e9ba038de9ce94472fd748d
SHA512f64070d717226cb65b6c45fb5aaf807c6e3ee672196104645f1fd69b224df8b8742f7284a35e0b11d1d9c7a526971d888ece755de22c24169cfbef8918d006ea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5173d13cdd09c0f7ddb245135743a7a7a
SHA1f25ff4789f98d79bca2dd36c5947258b6b74d7f5
SHA25647276f7f0408b37fb24c33008de92e337ef98df9fca4ce453477e094740b6ef7
SHA5129319358a3c8984fce44d6dbb0584a8664741a8ae7329f34b904818b1d20722f31bca0650c50ca696cd8d2f3dc6e3f5a7a1dbac6041fc498f956575b36cbb3329
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59611ca7ba5d0a0e584ac34bdcdfada9d
SHA11994038bd9e9840503ca070142a176f28bf33bb3
SHA256f5b8d7f41ef07d11852ee3fcb448dab1a0c6bda7fb83f72625607b12d7f08d69
SHA512c6db8cae8317792793fbf52d20cfce2482a1bb1e5ec32e6370669ffd85bf6a2724b1d242267d8b517f544bc73159207ada2bd5288e3e2c779d73e59deae0d07a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f5cb699b7a3b22e841e7d224fa4eb507
SHA1acae07fdcf26d8e86d8a28437f055ae1952d2873
SHA256e0ca84b8866268417e56b49a017509fd144974dc314139d1aa2b803e2c44aefc
SHA512bad548c47121a07b4e464df3d05afbad56d22b65ef61b8cea571747df80339cd591ada32a2fb10353146f073f5c2bac5fc33c9d8361697ffed7ccbe4de46a48e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD595ea243873a149222bbc07baae2262d9
SHA15a013600792afbac08c0f71a40fb154701fc14b8
SHA2560bb97c2cd566e3d5b019eb37322a6069dbdc30ee315f43a3aba2fce058e536d8
SHA5127e291eac089303b437387d7b61f399d1b09faa5cb416f79c865ad6614d88edb4a975d39d9c6c3513e7ed2fa40e545c597994ed695a53f8e8b8abbf3bce8efe46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5731f199e0e7a0fcace433e6ef5cf928f
SHA1da848b85f9b7f7073ce92a6379c8ddf354bea880
SHA256b1a2ce90b9fe650d4431954419da25c41e0eaaf9934e3a67f781fcb92ab5b8b3
SHA512530da621f5e1be3969b06d7f3ff2abd680964bcbe39a1e07c06df9d965ecb334da36e9c9330e89480ce0b0e7edf5c4f907609a17222f96855d5df5bf15bb52a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5847ffb1a27251d2f4b3f17f76c353050
SHA1206e13b3ca08d65a91eeba51ecd147071f3cbc80
SHA2566d28dd96809b8312d8dabfb1b80a02642cb9a68a1e015d343ea89e285276fd80
SHA512c4981dd13daa6b06a38a4d29221c9eaa7a7ff803711277f33e81b52157f06ef71bb50d9d6bf01ee8075f86e1bbd08092c2af209a40e8dddbca8b9094937169e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5151523bfc701e1f13832e1b5bf91c4de
SHA1d10f83cbdfcdf5d135fb410159aba37c46d1a2d2
SHA256a913444d46b50054154849026b000d9265b7abe3b389f96632a365d9b679489a
SHA51275103ea45d6dae86c0a35216251688d3ab31720aed2b35da7997569e00d520bbf0fc83e4f6c4557c300d919d38fdd911e5f884602e8c06e817344199b8d2bbd4
-
C:\Users\Admin\AppData\Local\Temp\Cab24B3.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\Cab2580.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\Tar2594.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
memory/2028-10-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2028-6-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2028-9-0x0000000000230000-0x000000000023F000-memory.dmpFilesize
60KB
-
memory/2668-17-0x00000000001E0000-0x00000000001E1000-memory.dmpFilesize
4KB
-
memory/2668-20-0x00000000775AF000-0x00000000775B0000-memory.dmpFilesize
4KB
-
memory/2668-22-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2668-19-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2668-18-0x00000000001D0000-0x00000000001DF000-memory.dmpFilesize
60KB