Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
12-05-2024 19:22
General
-
Target
3bafc854ad328fb858b172400a57d280_JaffaCakes118.html
-
Size
1.2MB
-
MD5
3bafc854ad328fb858b172400a57d280
-
SHA1
1cd27b93544fd2b167bc9befdcbfd17a7f465208
-
SHA256
ee83239c74a133eaf4e03fcbee5efeab857f5b1fafc99d7bf902add419d0fb7d
-
SHA512
3e83a84d667c8fc5b06fbd8b385c0458573ef954813b92774abdbf1d0730589eb02a6f88dee5608dc904854c61aa9b962523928c8d2aefbcf620203a08ed81c8
-
SSDEEP
12288:e5d+X3/3t5d+X3/3s5d+X3/3Z5d+X3/3d5d+X3/3o5d+X3/3G5d+X3/3U:c+J+W+d+5+a+s+s
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 4 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 7 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
-
Suspicious behavior: MapViewOfSection 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3bafc854ad328fb858b172400a57d280_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:340994 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:406535 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD59e0f420eea98aabb884a1c4da3b61d35
SHA19087c4110424c0fbb74a0e63292e986432ec7435
SHA256ff64e17a18535e63ac6ba93cc2dca6bb9a766556eb2e2b14841b2e6c86fb6da6
SHA512db2d53bf6d9d68875aeb4789d6ce484b3750a8779514c0894647e9bd592b3dd1742339fb1969443f13e3025193e1f6d752a91b8102b9a1085ae772c61e5186ae
-
Filesize
344B
MD54fe09a66d02233e065db6be0fc36b197
SHA15b5089b75cac6288b2a7cd7ae4ac482928ee74f0
SHA25623b5afd1b76ddd7b9a84ccd8751b1af9de82b3163b9ec94cf2e0e38f8fa3eaf0
SHA512175b64855aff39771e4035d090423c9e264f2d3ccad385a36b55908b15e56e925c4f7d6eedc560b373ae659a9bd9422eab7e53b21deee52aed7de586c37f3227
-
Filesize
344B
MD5b8033d418d5f9447bf30f5d517dc411d
SHA1ca5758cf522958e65d0e1b3f86f5cbee23d345f6
SHA256f857ab99236a7e3de9232a7d9c1b2b1caeab9781267e7c382bacbf9a373313f9
SHA512f34a314d505ba969dcf88944b3fad8f852a2a168e49e6b25071c552c539f814535519600468670a85fe2ecf66498097ab5c34d5929011196292b47dd4f7cccc7
-
Filesize
344B
MD5c751c56e4c3ccf24a77895f5b13f8e88
SHA152968fbec0380c183226a27af77eed626627312a
SHA256789750aa943fbed9235ba6cdc4c65c6e1bc64877312d4646a662720e9402d90b
SHA51272351d306dcd6d9fc41436d200bf157b35aed6274b24383ed340639582c10bbb9309f7a19d3cb706387dc344cb4a9d9193407cf22afc087e85467394e239d3a1
-
Filesize
344B
MD553a7398513a2d4bf42409a0b43e2b039
SHA1ac2ed76fe291090761d26e9fe0444689f1a70e6a
SHA2568b04088391c65a10a624a8cc83af7c9a66d9d4f2f5ccf66f481f07c139ad239d
SHA5121c91af99be78f9007815c3bf09cfc560284b3959001eb056a036e6ad2b266fe6131ceac4c79114ab9ab8dcc6c729b1c7859368e57b4b2638ea80a0e8df6e7034
-
Filesize
344B
MD52ff7b905ef7c736323808c90438cb545
SHA1ea6ea8ddd7160166afd2f9f85bc5dd61290b016c
SHA2569ce86d07f60be904d20fc61179a42ed9f2f426d3b4fa726f673455c4ac518383
SHA512c21c446e70f0533c6f4c940a444c5ede963bc60e2a2d716b297a30c6e0c609effc5a95ba147a9e677a3f26243ccdf0ec5f9bca490ee544dc47e9634243045dbb
-
Filesize
344B
MD589b56faeb3b355fcbacb38b403d69b9f
SHA1e1bec6f5cce193abb07b54b63210026440894529
SHA256822a0999b9e5a258462a95239014a46191fea9b600cb35acf028bb26cc844d49
SHA5128ec31a1b7ee959690aad395b9b291c18ba5bf90022404b13a362f11eb4bb1d03db440110edcf7eae8ac9a7727b2032beb8f398b50a4fb3e113cba493d6e3a2b4
-
Filesize
344B
MD581fcf129d1db078ce88648d4068c9026
SHA16927a295bbecafaf7866eb5171c610b9a133c400
SHA256fcf9c2ca79be95aaed904db550564ac7da14f4ce3b0c2f04a8dbad91f9821b31
SHA512a6c9603c1effe482e463708b1d5c1c6bb130726a2125c3bf11dcb18121b7c5961012ae5a363d5ff12bd4a7e35a7481b980745f93cd4c651a9ada8166eb9d9e1c
-
Filesize
344B
MD5ea7c73ec6864f87665cc5132e22e1eee
SHA164b3ada0ce27a6cf38ec8158b929c1324590a7db
SHA25665291f90a8cc7dbe09af7ce0d8c05a7f63b671cc3977593b59eab79be2444e85
SHA5120fdf1451176ffc48969b7838c6794f4a9cdbf5fa5d75560e24aa75c9431b0e4fb6f93c4249863afb30bf6fea3c0adcc60ef42fe3d66de74f3f3c2e058365c529
-
Filesize
344B
MD5c8dc13007c11dfb729fa790cd04e3b36
SHA124f210dd4914bdcf319cfde65efc98620c6feb2a
SHA256b76cf54891eb86e0f9774d29efe3beb354a2436c503f89dc8f5b70106a9eb1af
SHA512b025363296978e4c98fda103fa454f48c9eef51f7117f0c90193713d9e89056f9f77381834bf255fa0df31178dad60d739da952e7ed2d7219e973e0be328abed
-
Filesize
344B
MD5215c186bd2c6c7c7395a34a3bb18b943
SHA1065346a9232ba1cf6abda30f64f5eebc0bee8e3a
SHA25633a31ddc98f0bdafdb76db0c4d817c4b4bb9a3b7e56d06276c00902b7286613e
SHA512bdb76b8b45384301b7dbb93bdd104519b295b2387e2aae236f1f6842ab5a48f0bf90d4c9ebb20a3ada4ee19abfaa8c1d11a1165bbe99469bca944e820ba34969
-
Filesize
344B
MD552bcfc4b7773b28743854eb9bb600658
SHA1b4a04b9a416f157e18ce0595319113aad6f9b2a4
SHA25613436eaa644a2d5b19a58208a17338b13de3f497ec64b0505477268f1725997d
SHA51211aa13a4e1cd059ffe7f56b5f3da7cc24ce4372b83d9bd5b4195d62ad34cd8e852ef5b9251ee8103d80fc58432db20b038abc67ace86d42429413548f69998cb
-
Filesize
344B
MD553da085ffc47d222eb6a8db7b7671b6b
SHA12c62dc6cde674b853d1e8afb310030c8abeb2430
SHA256107eac4b193b9f43dc3f5be7277b76c02112e634f389d67d04239c1a62b41922
SHA51294712eb98a9f173e065dd210cb9b0fb534295b79b7523e91d7e59fb8648fcfe38027679b2200f9cccc9215063fd6a12f7371b32f13337355816b9573e1674c39
-
Filesize
344B
MD539b89acb228507f26b6dc44c619c4c4e
SHA165b92a51aadea4b7a19b80143d27369de28b3d41
SHA256488145a7cb2ce8b7fe555cc44b1429be95ac45e427002faddc4556628af30f23
SHA512b427144c7e5fbd49718058dea4c363542291b1e7c3bfbe2f9faf629073a6b5f531f88fa0d10b9c01ef998af73d8d3b438c5e8610cec85102ea9a8ee6a286cb2e
-
Filesize
344B
MD597fbbd38b03d107d7e470f14d591a124
SHA1fbd455355433e57fc033b6154bbb1267aad194aa
SHA256ecc18396084c547195b64273826a1b480d571d1cdbf0cfbf6d5907de014c8158
SHA5125ae2ba67e584dd5baa2d86011c941cc9bd377bd31d278c5ae0077541a5a01d23c21579c26b663352bbe2ddb008579a484dfc6b3f603a23f056d90c5548b1a72c
-
Filesize
344B
MD599f4dce726f584121d0fbdc4ae3b87ad
SHA19cd16eda3a7c2c6862ffb7f3872d96a8616fc423
SHA2565ad46977af997d26c4e53e43bdc8533e9721b6b1737a19145c9ec2baa30ac7e8
SHA512e6ef7a236487bcfad71680758d07590c74eeb1472fcc67d6f7ffd0b209abe557fddc125a19db5e1d5a5509e09a2c96719c3a6386a137bf13396e748f604d11fe
-
Filesize
1KB
MD5bdb9a36f26fdf8cd16e2a7e547885ac7
SHA1ff3c4770d31646219551637619ce11c9a56aa10a
SHA256d956a55c59d1b1a1ba1fa2432cb0fd26073213ca50f8a93f50de491bff49c49a
SHA51202487fa7c8b775a08c928430c186d622fa4fce66313d97619d16edb2d9ce99759465896230960afc940ad5a27b74d80d30b0aa7f8152e806fc8709098cd5eb19
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5edecf326547a172812e19e959ae0a3ab
SHA138d27b9faec6b872063e09b76a92489660c0d4a6
SHA256e28a84dec39e994f7c1b7c53ae7b9e802be68492b31104ce71570d4ddd1082c2
SHA5125819edbd978cf4c507af924794a66631df858eb008f000f50123bc9eb7aa424ec898d6cbdbbf290d222f338f94935582bc06eaa62c189792555bbcc9f14ad4b3
-
Filesize
4KB
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
48KB
-
Filesize
212KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
212KB
-
Filesize
4KB
-
Filesize
60KB
-
Filesize
212KB