Analysis
-
max time kernel
133s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
12/05/2024, 05:38
General
-
Target
3886b0a884397790c2e5dd3aedf2bd48_JaffaCakes118.html
-
Size
186KB
-
MD5
3886b0a884397790c2e5dd3aedf2bd48
-
SHA1
6c4c6ae3e2fce850de7da7782a1349d650188f63
-
SHA256
2b5f59cb871abeb15c7370afac007ae65ab9fe343c9fabc7850567e233c008d7
-
SHA512
fd52d2bdb6e4f59e38446d5a5629cb760ecbe50cfd43dc4bf03e14c18c0ba9e2c215fa81469825f4e06ca412ae37673d2586d929ebbfeb9eb06bdd7311fc021b
-
SSDEEP
3072:ByfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:EsMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3886b0a884397790c2e5dd3aedf2bd48_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD5bbb476ee99ae58a95a824147a313247b
SHA1a7a3e7ecc7e8b7b0e97eb2b13b2039e13073a207
SHA25645cafe5bcddc9d3899f1f61f78084eff70024d5bbc050c991ec949d37dca61a7
SHA512450eefdd528e064adc4147d4520059f2d7561672ad0768a1fd38c68d9180eef84fc25b70e5e4c063d9bb5767a147a0fb0e0611dd443fa8d214a4563ebd2d1db9
-
Filesize
344B
MD5d641b8821725adb840ef3842b46d81a2
SHA1970144b9d41c2b09f7d19fbc7b04bc04dcebade4
SHA25688443d1cc1fac1a98c9f06d0a5e56fdf8bae21b33bb98b6bd3f7e9cac193d76a
SHA5127ffaaa4127b238e24237dcd175b541e8ded14795f06a87e63d9051f7a731b73f4115fc7847bcbd31f0d52165fc3937cce321823e74fdc20d8d3679bb77d1ce8b
-
Filesize
344B
MD52434e0208d50a38dad74676cf130aa8c
SHA1b8f2cac3571b9ccb906a8d1bdf61fcf60e3cd563
SHA256361270f07aa56a4a9519828c374e2a80c4b1ca03735d1f94280ceacd090469f0
SHA51282b0d6c7d5cf1034e3a8106bdf28346c110ab2a28b53c44a332f30908aa8466361a78b83b49e4827829f678a1b3231e1abf40e6ea93e32e3733eebec210cd3c6
-
Filesize
344B
MD5c5162105a6282188f80481ea8e9c400c
SHA125777ffa72ab4710204c80327e85c52b2fdbb6cf
SHA256314df2607277371ca025cc1a075f3934f77f917e3650e815153920d085e8f2df
SHA512fcc22ba372c2a54dfb33d09565447289d2d404f8c644b4dfd2a2cbe183b17504d84c6f33a10ce4c542bc12140fe37cfcf360394c886e4912cc10520534d5faf0
-
Filesize
344B
MD5ccdc21747ecbeaa0465fdb023a28bc0f
SHA1100a6047bb3bae28cbca9d98e65a42ed0bd08143
SHA2561b791818c8f8f5029dd3963c28e24d51d9bcc752b2142da8da73ad5ffe754cbe
SHA5128515a8a4f7a902b30d2a7448e8335441d3ba981442abf8ccdea5f2676360573cf949c89eb48cd884b93095484848f2f605a93505531da9439e96421707c30116
-
Filesize
344B
MD5694395e4d59eb3ad60855ab03beda119
SHA18ccfb21e6590cd593ca0e128c187a4a9853bce4e
SHA256c2501195180a0489384106af25acaba95113574df5b165a57841fb1b78e04290
SHA51236f56cb7f9667f1e0a3434f0a0efc034e4e6c2cd2e54de066ff997729e93ec649d4599e91e0e33a996ee85beb1fb5f65a444c11ef01fa9081e74d364f07e4ac6
-
Filesize
344B
MD5f04b9f37e84263162c8f5bc74eaf86cb
SHA104e3f5c93d0fcaea3acc3137e8dd295287dc5f7a
SHA2562bdd19ae868a20e348354e435bd5f4094206010ab481897ad1c5f36a57d37c20
SHA51232cb0e0224251cf192f83a4f11a9046a548d2883e1207d1738ec73a853432bf30cebdab2151acd154f0012fc70ea1d2a070a61ead051ea793026a17ed14c52ed
-
Filesize
344B
MD56d86f549e325e4e9a0951da9ebac485a
SHA1778a37bc84ca75104a46cd26e7e8d0de1a8eefab
SHA256c07ee47e4d01968c3f8f18fc596a8189b5deb734a4ce9f41692296b8b1a09389
SHA5127dac38615ccb8d6d155c8610a725671342ff8102195a359a5f8aae0f0bcab923fd9b6af0f81ac1f8e3f5550395b709bd802169ab3200e250d6cac73f9b30fce6
-
Filesize
344B
MD563b43c1ea96dfa2dc9701eb22941878c
SHA19811519afc861a01339c63aefc01b10d64c57a3f
SHA2569eb4624573ac76b15df6beb40888f99e37c09887d31af4085184ef588ffc8e5c
SHA512fd066bb6e60253c55d6ab5419dd326eb984c64ca95a1c5de3e966da6bb5bbe129549333f92ddfe46de06cdf59f16003f1a56c6e7aaaa19206eb8c361eabbb030
-
Filesize
344B
MD5974955f2c11ccfe6cea3b2c87c27c6ca
SHA1b72cb0dde1bf2eea7254343f487c024ff6bb61ad
SHA256d840af5cddaaeee6551ef92067b4cbdda9ff709c0c18606ce704cdc4f304fe84
SHA512b2ad3d90a7f873cda54bde46fccd27ad7eeb049745beb8c94cc83b7f8d8dbc472b7b42cc5a5b05af5f636bc6a39c50a55ea62ac6683d775a0f649513a191d60b
-
Filesize
344B
MD5b23f5438ae077289777896ac7f8f0c0f
SHA1ac92a6b35beef3e688e5a48ce8f9069fe0c87319
SHA256b3b53d20624ca714bfdead6a1189283370c0d7d1f747f3c87190f2ffc7eb7f8e
SHA5120a8aaf5ecdbcb56190619157dbbb36b08558710bbfee5c9accfddd27940bfdfaa4e38d4c9643478071ecad8b8f02f2b79b0233e5313ed4f835bca927f123b4dc
-
Filesize
344B
MD5a7931cc70479012f40bfcbf4e1ef15de
SHA146e22ef2e2df907a6043246b19eb27ed7347792b
SHA256ef51e1f173ba468cf21e1eb34ea74c573a542d044a4b1bd97eb61b7e08b051dc
SHA512370ddf2f31917a5ae51dca6ac1a1f755cbd25b17ca724da99245461cd88d1649d13ff33d2211b0986f4434354848e161df56245c95615b55f8fef683ed164399
-
Filesize
344B
MD58d015f03f9b06530f9ef1aa83533ec7b
SHA1f23dd323afe8e58d079609bca81a2b0d30726207
SHA256aea44d518ca08473810b56a62257283ab604f1b043587b86f4d7476c51a2c2de
SHA51211465012e1063f223946f1c653fb690729350c6984222074da4d9a0bc6562f05ad6ff1011ea7dc497f99eda003ca449a661f5f1306e5920f842755929586259f
-
Filesize
344B
MD56f2ff93c789f2ad804181e956fef73b9
SHA157ef85df2925cf5f8b6caa6f9fbe191d06cc3229
SHA2569d15d46985cdecccd390fc25c8a964d9584184cccb1472f2f14e729dad110276
SHA5120b8a6d6d1d0d3c13915ccdf9f063e06f13a1e3d789573aae0ce4d9a2ea943d47e48b72d0095ee523f3c62a77f430ec460a697a185dfe91a044c009ed259d1301
-
Filesize
344B
MD52ad5ee0b49fe1cc380b0a0c2188c74f1
SHA127cfc99e4cd56a05a6111dd4e07558bcb51d086e
SHA25654da38b893ed46373f2a293c498cfaf310647c2c9790d331f951dc1cf1fa4d17
SHA512e6ddb17b1fc32ff97a7a60495fd739e2240022f4f4b199b434f69c1d9447905458ab6996030e4b5d3e4cdb212a459f2500ac918796598e312624d8ee81300b02
-
Filesize
344B
MD5c56f77daa2ab68ef9ce9aa35bf6f1d9d
SHA1db2399f39c37cb17209fa89c3db76771f9c35c4e
SHA256e314022b6c5f574926d0945aeb759ef317c3008e45652fe2d9ffed49bc87d04b
SHA5120f1680ea706ac01133dc21a6fffdac807f651bf1ea1d76ec4139fab93c680efe930ddb59a0d42779deb61395e0b641c23216f4e48079635cc2e39b8717b95b28
-
Filesize
344B
MD503950626535caec9543846b43e576cc2
SHA1aaaef41f1dbf23383691ede8f789d847f527b854
SHA25689eaf3c8c167c504c1fa38a786e6a707b707d909ba8ea1090e6f7e6077264558
SHA512375307cb58bf0c4e5288eb316be1ce42784b4aee99999f8ccc3a48483151cd58888bfb98195d834f6791bd4976015b57940142a48382de4b7c265ee1836a93a5
-
Filesize
344B
MD5e96fa6ad491bc97c7eec85b9735005d2
SHA17e2c87eb5269973f8a0e7b7673eac37994bb057c
SHA25644423b752a3482ad4bef4a9b6d442de5aed2196112f656e6115ba8e72952b0a4
SHA51203c794d10b275e1433bc7efb87736c306fb4a460b8ec5829bc216001c3d4ff563513ef07ce076eec5c84681ae130d058e7e442ac6187424508ca55865f435a8b
-
Filesize
344B
MD50b606d84f220b2346b68fcbf940caaf5
SHA16370f00a18985372bf7fd2d572746e80c0266c8d
SHA2567a8ee023fdbb29a416d2a0766eb0d72631c04e9577378d25f457b83877ad3887
SHA51252421b3a8f5f62402f9fc0b81a5a4559d004de82430c879fffba8db19aff0ea09fd5a13aa6073d42a7489f38c17ee270434c63d1ba42c757b76d0261185c5ed7
-
Filesize
344B
MD58a9855adedea6fcdb415caac87ec9a51
SHA1fbc424cf9b175ad42e30f4afedc527b5d66a27f2
SHA256d01dd8dece45a7b8ea6c4cd178a584b408aa7c2ca4a752dba636a12cbbd1d1ec
SHA512d9a70271c39e40e15a7e0ac33f0ba7490ad0bd4dc125ffe93b6b014d14aa20b89b762b32c30b1f23d88cc7b1315dbd08cde4a68bc98403bef5a72f3d84f7badb
-
Filesize
344B
MD51928057229c65ecef3f3b1345a4f203d
SHA14634cfa92d5b684b880c3631e8daaf32fe27de70
SHA25657e4b8120c671c2a055c1d2129078096fc3af05a715c22a8e75bb610c75b1ac8
SHA512dba3770e2f9abf8d2bec924797dc44eb1e9a6ffb061d538ea1aa9f369928a8718a55734423d9f21d267b7e49edb3d01456c02d5a9b7e2c23c83527cf425b5001
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
216KB
-
Filesize
216KB