Analysis
-
max time kernel
135s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
02-05-2024 06:27
General
-
Target
0dc0b7419b8dec868e19598facdfdf83_JaffaCakes118.html
-
Size
189KB
-
MD5
0dc0b7419b8dec868e19598facdfdf83
-
SHA1
5d1b0da467b8743cf4864bb6a47c57ebb0788fa7
-
SHA256
46565ae62aa1230064aef983af682888593a5e75a62c66091255e0eb721c6cbc
-
SHA512
98072dc9ba8cbd4dfe2a249f3e5aee44c404b3b40fae429780bbf20e085f23e796eb749bfe63ea24696dab8bfc5590ca8c6a7be864eec8ee5a380f38dddfceee
-
SSDEEP
3072:LyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:usMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0dc0b7419b8dec868e19598facdfdf83_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
344B
MD5464af587f8403bb8253bee641fe6fe88
SHA1d9832c853448144c8fc1565bb2fd7f10d688e9af
SHA25628a32c26dd25aa4267b5cb3c97feff01ef0fea0443446a912034f3d0f1117639
SHA512ad07e85d7c3236f91411678f40bbe86ce3876a753b3389d73ec7597fc0a1e1c8b0ce6d6948d65f48fbb1b0c93d932d4298b15c87e593a4c00875f4b1cc0539f9
-
Filesize
344B
MD51ca7781701206daca57c66a5f11a2056
SHA120b23eeb9f5909f28502bcdc2fd01ede23449253
SHA256c3d7049559d77f8a5f71c977cae1ca3745675dd9d0125167b842082421cdc494
SHA5122f8f0288f551305968b6c7840899e54aad343fecf9a111242f5e57db9bd604a0a29ac813a5e2eee81feeb2147523a9ffa48d35b337f0925a8a3a7a378bfc7ba9
-
Filesize
344B
MD5d317267070b5e25f394ca5a902cf3d08
SHA198179aa3fdc9c097a84c2be388f4c3935c907e54
SHA256bdb281cd627be7248281c4f55fce9796e94b63cead3c85d0a10043932b60802c
SHA5123275bcec2d365bd1de29cb00e4cdf3f05be7a59797cd0a77be7f23ae75401e1dbcc4d43c6f8d3b8fed7cd5ecb3d865db1d5ff680d50001d21c9370c331db3527
-
Filesize
344B
MD54bef5e40daf6e6ca5423b20c495c9936
SHA1d327fb9f5ebc1e1424f60efa780a679b65245869
SHA256fb7c30253e99b599e130505497f1aa60dbbbd5a2e6b8af8a0530bc20da9d5bb8
SHA512a16e5ea1f6b9e68d240ffd2fe0f700cb52503e76b4e38e6748db8475aea45d0a0cca80844f3ba3b7c3f4c85ceaeaca2097913533b854ebb16c74da100fa4f1cb
-
Filesize
344B
MD5b78018cc49648c35470dca879b0346fe
SHA1b2d12a640dfe7f9deb63edd75054521ff09c06b0
SHA256c76119ef0278aac8a91cb4109d8ff26c7b895f6f250ec6beb9928982a98a46eb
SHA512fda673fd5753588d9cc664de86c0ea0ac14f838282f2d269b55edd96a5ccb1fa4dce39592b54e02fb66b018cc39be9c3abdd195c3679d15f828fecebfebd144c
-
Filesize
344B
MD57311c80f75fcf7a307af2e791bae7c08
SHA11159191595482f37ff1a128b17f461d098f03a44
SHA2561d75e33933c42832150a76eadb4c0fd54a7cb51dc410daa150a2e9b29ff8b389
SHA512323a50e9f300ed08e795359fb4b5d55d0ed28b94b81eed929d5c48d413d5b105027de31f9079e626f391a9edf598b24a4de6e96ff84f218b8a58653aa94778cf
-
Filesize
344B
MD55ada12305d6bc0adcc89376f7b315088
SHA11c2a84351cb3482e8f374b90d70aa99707879fa6
SHA25682a892c9e6bbe4a092fa74189d7faa3d63f783328cd3d703604d950d02bb2341
SHA5121e2fdf149ca69f6baff7425475cca39630125eddfd11ad15eeed5b0a001ec9829d75adcf26adadaac4019e1a5115fb9c7a6e1147225bc552c8669f5543d857b4
-
Filesize
344B
MD5ec2af5d32ec16b4559d7be82c9c19de8
SHA145e7c9db3393d0c9521ebfaba53aaa4ee46a78c2
SHA2560f8198623fa8d426e15c00d7e7792869b9132a3193a4800636809b6750dd6e09
SHA51274a79034a6f629012a8c189c7a926f73e4403c74b4af2c2e8c0e42a7407c417310f5c9b8cf6d882c3a337a1b14ccca048e867d4299ec3f3db36d30b705666f75
-
Filesize
344B
MD57d388bd19caf0542400bc8a013595e8e
SHA1a0624897f32faa92a5377d1d3a88a3136f8a06b1
SHA25602c5c58b4ef3de3d68f091cee54868b175c6bcb4e747c121454d4bf23d14ca73
SHA51275618a570a2d78fe9032c814812b932589e1ea62b2744f57848a49dda055e97b58d280a4e188288a6824ca349b9d4e80f45237ef825e36cc9f3586cc251a9f7e
-
Filesize
344B
MD5fda3ec06e02e703fd133ee1822754b29
SHA186bd573bd7a6a390afa231835d5ca41d47ae94a8
SHA256e3d4619cdfd25147f6041fb954a4747759646f581e17210b455ec39eb6f78783
SHA51262cb7b8d7b8674113dcec6c548437e0e245bcd7c2adaa1e261dff0a034b1c518bf6b5d7dc1fcd531f5986c981e75b4452f3d79e860c2f2fad41f4e37b5662488
-
Filesize
344B
MD51a162343537b4de94bcbba5556e34ad4
SHA1e221752c6516a5fbbbb3b8541582090e94f4ec55
SHA2562aeb873e601a7906685213143ff226803e28c8f0887022984b8018c513620a55
SHA5129e822e7b83fb7ed897f0d18c562fc1ef080a067675f4b97fdfebaa00f8b9c2479002d72f7c7d48b4d654d0eb6606a66a6d0b2e5f1dc630aed0b8ee9584fb6cea
-
Filesize
344B
MD56343fe65dd6958332a5d9c92ecf83e10
SHA156d716a65473cfe733bd681e924c427ad4ed073d
SHA2563756b819caf51112f03f248cec725f30a822380a4e52550ebffe6a1387f21047
SHA5125402ac9e5217ab7505a6370abe6a8332ad30b4a454b744883c7461d0145e0d56f964c61186ed98ebd3399e9e9b85dc2613a229dfd4a181be97f7a36464d25670
-
Filesize
344B
MD5c1c80203165369fc3afc84240863b031
SHA19ecc5406980710d910cf5037125a15a6a55cb071
SHA256ffe9ae922744124c151da8c7f87a78e0aa66da06ce9c1fec2fff462d46741d1c
SHA5126c183deed46c38a2042cbc6a980a897b90879a084173242148be0a9c06dd2b3b720ec0403cfd03f7a2eb85f72695f6bbd28f80e14e69056f15abe602ab323a9c
-
Filesize
344B
MD5b4d9430477721ffe441f44f6ac4d5a80
SHA1fecc3f4efa00ee63cdf897178651ba4efadd3050
SHA25614595843719b03ff57bc120d8520b2c706b76ae9efb218ea1c245d790502c1fa
SHA512b5bd870b601d446f8d33cadc68b9f1da67f97fc05d39399aad49c8f7672a4e6fd674eb9a85f685c2dddf2e4776e7bba1ed0b10e35c604eb27b24e98be0b78484
-
Filesize
344B
MD58445ce0f1bad0e1e0871e9ef73a8e0da
SHA126ba6f7757c90200bc2b47f1b6f84e514628ebdd
SHA256f2499e593dda7c8f9afc788718de9c8991e38a6a67b2a50420ead77ef7895bb6
SHA512572273613e7f8318efd4ca6e01f5c087713f740797e0adb523228f78ffa80b376020ee7e3ab457594768edf69854cf870874e4553cef261e99954f484534ba1b
-
Filesize
344B
MD5d472a3655c0bfcdd60e75833a6a9ab53
SHA1710da7d47716744f1e1c2d0f7794c5040909bb11
SHA256614a5cde2ab63dbc41723010b35a6270122ac9f54ba507d2d2e5015537284e07
SHA5121e0b3587dc431ace1c5b1be3a8d5bc18d2198d704885373c6eda60a669c53a60e892ecaeeda8fa10265a88e8838ec6c902a593fb4b4c5bdcc74fa6ca57d5f724
-
Filesize
344B
MD52d04ec85694c8772f28aa14be800c3c6
SHA15bc75e101c7ae7955d9924290111fb3439cd2464
SHA256390de36a820000bc4027163170208010e6e10f2191b212d8312cef51fe2758d9
SHA512ac0f36864ebfbcf276c1cf3cd764580e27b0cb99a99aeedec6ea00a4bb01c43e9363067168560aa69a7d1b00c130b68df2d4eaab1dde0be7d56c2aaf1233287f
-
Filesize
344B
MD5f27f1c56b4170b9efe70cede97d4bf28
SHA11d27d55625387829d2b972f5718061667bbe60f5
SHA2564d6a0db1b99a711a635fedcb840e30719328a52657d236bb99fb45a8fa232233
SHA5128219c387dc5f407de36d592c11ecb3a229070ddd31de2d71318113578090ba3668d395b34e6a6e7dbd5cf4861a3c825e070922dcab55ba4d659cefba379b29d4
-
Filesize
344B
MD5dbc93674db8722e36263a48e711ccb7b
SHA1dde622e994e63d01a429848fab29fe34928c67a7
SHA256d5c89a4e13ee7e059c94a493979f72bf73691a2c53af3c8538480e057a360bd6
SHA51228ae7afc4da7bf2acf5c8ccc4e96647c0bdae102d1474b23e56dda74442133298273a1b09bcb41cac2d72a4b3cac3051fd3107c841503f50a8e9cf1aae330756
-
Filesize
344B
MD5faaa251577f0a8ebc4a3b7b34d2aee53
SHA1afcf54af6ac331f86b972b405b72d82e82161755
SHA2568b47edcd700d0ecf4733c5a496efca9f5d711af3af9e4eefc062bbdcfbaf6653
SHA512cfe79f61b911462f7fe7097e3ce542d191880ac9f12294cf07483519396328895173e6860bc2303d06f9912379f85c35f0d8cf17f679c89de35e192d1b735e22
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
60KB
-
Filesize
216KB
-
Filesize
216KB