Analysis
-
max time kernel
134s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
10-05-2024 19:17
General
-
Target
309f67e526f1148ffb224865bb8c49bd_JaffaCakes118.html
-
Size
189KB
-
MD5
309f67e526f1148ffb224865bb8c49bd
-
SHA1
d8f0c12aa43ec21529ab60b457de078f053a6b73
-
SHA256
c3ce085fad7623ddb7d3416f315180acc5e18dd3c83a5c043e92df29f4b95e1c
-
SHA512
a96c8845c19ca447b8a74c00abbea99f00b37fb97b5802409c7459d7b5c0b497bd478a999f826843aa7e5c8750e32e1be44691d2b81224ea977fdc274bda2156
-
SSDEEP
3072:d5MyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:dLsMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\309f67e526f1148ffb224865bb8c49bd_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD535f0bd74f73a69ee5e26d6b70c098e45
SHA1292a6f1f2818023b87298559b4df3ee247642dda
SHA25649d054a6ea7ff20af4705eea899f35a7e3663cf0a4fecf643c1c39b1cf41f615
SHA5129da55e506a64d910b742ebe33650b8d6329ccb3d28a35a2606942d3934597b40a585fe033127ca63a828fd97232b88acfffd0362e3eb04a50034351801bd2fb4
-
Filesize
344B
MD57a8bdf35887dd6878ca31a21d73c3796
SHA1e7e3a3a7ff09c6afb5dad6238e6d6a993083271f
SHA2561c71cd373b3f3b31d6cc3ef5b8e9d43046e0bbd8ca86ece6453937c334370f6f
SHA5123ae8aa7bd1f1b8e67a42bc91a1ce2db7408bf4c4e431ff27820ef1923fa588b9021d4bdc5578675142093746632b0e40790b419c5c42a9c599e6aff362a07e6a
-
Filesize
344B
MD5cbefba191f4988121b41554b49b0a0fe
SHA1245afc940b9b864ba5f62a57b355e05ced65ae43
SHA256dbda89243485f96582069676b50c2a84e666e912ca0d180a8de3a508fec87381
SHA512be8acba215c38197b006d19f33c06d5cb77b9168447f7d0810d5924e20fac06bfd2ad39d34ff73655f6462a91c5a2aec9a80d8473e568a607c028840bb762c53
-
Filesize
344B
MD5b8181bbef6aebcdc5c1f6a84a8f68ddd
SHA11dbcf51c09e1fdee90450c41eb40fb8d49dfb74f
SHA256679876c0ba14c564202b6928fda7cdd8277bc7699046cbb852579815024b2fae
SHA5127190e3dd7b43e248bcfa4ddbcde59f0fae4237f14bc3274df61f18bc616ce5c22b453b0ac63a4ff18fe1c18c0f58bdb530005e80dd2fe5ba39705514fa14f212
-
Filesize
344B
MD5d7bbc6f7d467cc2399d789f41662b8bc
SHA18b0527eddae7c6cc163c469b19e41f4a535d5e58
SHA25642299f2a968094ed1b8c0cc827996c9821cfc9eb02027849fc238d9b23365770
SHA512de9fa10312a33e8a1277f061721d0651a8f1cbc9c6b74172be4f4a6c613b00f3985c865ce261235a16e7ca235e83f0d257b45610895f8147738afff990359899
-
Filesize
344B
MD54aeebea733f30949098a24755fe8e90a
SHA1f1f721cd1a668c864f587338d98faf7dbbba09fc
SHA256875391d9382c991c61599d3af786bbed6365d4378436dddb4c24f1a914c13f6b
SHA51243aa0e6044703b566fd7dd1fa69d3f97a224effc008fec3590fe2c51f824b151fd61988b743a3c16511de5ab51bf54bbeb58d72fc2aaedbedbfdc53bb2cef1a6
-
Filesize
344B
MD5588dd9543753996ac5a6bd5293d2029c
SHA11c3ef25d85a8a83098a79de88ac28d2b7f077b2f
SHA2566a4eab27aae7b95e67069be6f200da85c3c939d36c9f9fe689d0b9574dc75c1c
SHA512cda5981924cc784f0601d9f5ff87b3f5adf94f0be17c82cca16f7f862e470310ac06f14fa69df7e9980cc551d37aa3e8f6e7a3b1a8cb3ecd5f40890ad267882f
-
Filesize
344B
MD53a93481ec75ca524bdfc290ee42275b5
SHA10ca5ef2bb1f8dd6e79fa6fa1d5c5cf9eb16db790
SHA25675d24f5c2410c5b642d65c9e53163e03349cb8ffcf1454e4628a8cf76314e341
SHA51212bf795c5d3e1e5018f32cdcc5ae1a83fa539a884f87bafc86c980eac3f212f8106f31bbe99bba412f5106cfd6c1cc3540259cfa131244b788d9945a170fc1c6
-
Filesize
344B
MD572f312b530bc05a97c133d52e77e7e77
SHA12fc617737532ad75b7f2ea19638c3c9c9f6af51f
SHA256f61fb48b258335493c7d1d97d1d349f71bc74dc90bfd4eb74913a03c5bfa114f
SHA512c0b29e92661398023acd1e31f20844292b351644ead8330f3239476142ee07f6e176bfa7d7c7956a30ed51890097e6bceeea570f8fa55cc03db8f88b6f888074
-
Filesize
344B
MD577a7bba60ef27d8db66e34cd82fe928a
SHA1c88ec9046fd68b94b8699ae328f7ecf0363c1923
SHA25670b6c53ceaf14424e07ff969a5eb18c7453709a410742fdf046939d3cac73738
SHA5122aec7e012aa2561bb0ea65c26de5d190414e44dbad5884adbb6b17853b89265fd5389a3e0273a8ba2e37b9c8a36e5ff57b3283a7e6112ffec7b6c5bb9807bb75
-
Filesize
344B
MD564a6975d6feecadddeba0b4ebd8128c5
SHA1c688925ad7dcf7e16d0b4c4901bbe889114651e2
SHA2564acc1a2c2cd2dae3bb6c86ea927a8151efd26af5ff52531f2ca8f3bc8d157cfe
SHA512c66431cd2199fc754a51af82b95291e9baa8911bdb162902a9c209a798d0dcb7c5ef2fe3864d5f1bff077761f598f59499ee84b2b84232e6786cc64486b465be
-
Filesize
344B
MD5ee6b2d7ed95bfd34e644974646522b0d
SHA1303b830c836162736a823dde5c921d5db295263e
SHA256a0027f3587e781ccd90d16366e60fdb2d8f307345dc9ad62321657f6ede48bf3
SHA512909f4bc9033507645c6f89215fca517c054c8630f9f51c8d4d2ca7d9822eb34ada28dc9b3a1aa61db177fffeda1294569657b6c002d57daf616ff3a98b7cfba7
-
Filesize
344B
MD5be2166f6286a40da2a0af92d3f468b14
SHA1c21652d65861382390d43f4c2d2c2134e74918b2
SHA25638c8e63cd50a9f8a3daca3ef58f5b679f33d3c8a2540791ce2e2669d920e9d4e
SHA512b591476031c920cd0066026915d00d5ef08a27f283748f89632e153be207b3b3c3fb00d42759c253b5536059b6e1722c54a0d1cec1e9e10f7ae928306ec60cb5
-
Filesize
344B
MD543ffcb9a8a9fdab216982c89354fee16
SHA1a736ff3b5c21789762e9fee13c7966dcca190304
SHA256e9dda62a5111293b4596302c8ed2708d40f7d8dd101fc4349a60670e8d5360e9
SHA5120187f1e39336623337a7bab828927016eda0bf0bb603457f9948fbc1974d8b4964e3d2eab59c4f7a6cad68094ff49c7fccef3b1d93aeee4420cc892319a2c669
-
Filesize
344B
MD555d63d4d1c3646073c7bf400e71d2c49
SHA1561bc0b83854ad5c72f692e9c1e434176e3c8b97
SHA2569acf6ca4670dc9bb53ea817d0e7ca0b6df522bd085f7493620b47c30fbd63dd1
SHA512309d0ba511d80976d244514eb2e8f1ecf1afc6965985628e97de863c7fe5d918a9483c3fa1c0acad05286bb56f0e47c58da6ee142b04228af6f9765dca3666af
-
Filesize
344B
MD5f70cbb27c7a05dcec9cc7dc0189e8fe6
SHA12b360c87466f0a42da3fac1c433dab9267c27a2d
SHA2568986ce98c3b94e851d26c7e84dac97ac0e408f5fd7312d5e68f59c7d76f5ff79
SHA512c9fb081c7a2c504d8aa8a00b5d518ba90a1b01aff74e2cd2d204f69a2954e3d59406d993a06be058751b4227932f5d0241706eee3b11a95290482e1cdbce5315
-
Filesize
344B
MD5f444bc85d71814edd84c250e5f6c707f
SHA1248369e61533da4034b5a2a913698f3154d63caa
SHA256ac901193f32398eb9e5432aef515377ff3f370c7466828058838741b4e1dd6ee
SHA5122af302199b96e94211f36e0ed588909a044a39746ccbbfdceb59be50a0cae04193018328b6b951100c796dc3ce67ae9981d86e08d199292a8e7ce4114b373cf7
-
Filesize
344B
MD5b10f5369b7b457f8ca295746dc4d53ba
SHA14072560336f9776dc39b5b146a9618b2bb3ba591
SHA256de9ac24fba408b3cc1e2cd816c0ba4c5e1d8d95735deff090a28b7cdf54a8ed7
SHA5128d9d6e2d5fd0a2890bd41174fa7e2a7e3d484d1277ffd9e927125a0208825f50cf47aa0cc1d45090d88ac07292d6094d11c3175b8ddbc0a65a2547a570e1b65a
-
Filesize
344B
MD5b70c59ce62766c850b93accb9cfe9dd5
SHA1d153664c0eba1302ce3eaa134bee2fcde92584c0
SHA2569a2ac9128e1e01e1ff920eb16b0415df224385c7c5ddd4e63eae3bbc1e492416
SHA512e4704b9f265b7abe8cd148ace8f8f3b8a87cd3134839ffaf39f608ea619c2d655d01e988cf6adf86d19e65c3521200409e56840cdaad4343ab0a602c9637fa15
-
Filesize
344B
MD5c8663b3b6ff468d76d53713701c20cb6
SHA155694d9daefd99b3ac18d0fe88f97f76361eb349
SHA256039164ef73ea940f89118a8255e8cbe449cccff009ccf76a129d6917113df76b
SHA512586e5d971860a2f876f120e5cea8890796551d2ae387e6f51e5f956acd22586cf38f2ce09377eb7d78b4a12437a2136eeb7c6b15c72cb8c2cdb382b305582583
-
Filesize
242B
MD56d2ca85268a380d68aff585bb4f5f0ea
SHA1529a24a66f60f9b17ec57786466b20a3df39fb7b
SHA2564301a50e96a93d7166438e6ebd37b9835e79e7ccb0399d0337ae22f3232997ed
SHA51206f1bdae91b5b65ec24b46ff45a3625546ba5a4fd5038fd2a32b62dd1488b9f443fcecca83f779fa180733e003356713b4dba2fa2d4bc29e210c5bacd5af9433
-
Filesize
4KB
MD5da597791be3b6e732f0bc8b20e38ee62
SHA11125c45d285c360542027d7554a5c442288974de
SHA2565b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
216KB
-
Filesize
216KB