Analysis

  • max time kernel
    131s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/05/2024, 11:05

General

  • Target

    45e02382d16e93bdb5c31cd06aaead56_JaffaCakes118.html

  • Size

    157KB

  • MD5

    45e02382d16e93bdb5c31cd06aaead56

  • SHA1

    ce7d7fc75ad6b1e567f03b4af0bde20e7b478f17

  • SHA256

    0dec307ae3c9fd5f3299fdb09d92a322ad250721d4df0c86f7824b708f7924f5

  • SHA512

    c08ddb99ea0b2fa9dfc8533a837cc5fbfd283cfa322594e53a4538dbfbc94bf15b42652581e3d2304bce7517a12729441f56fa0b0ce2bc9179cfb550efbf5f31

  • SSDEEP

    1536:i1RTJuojof+ffj8YK7yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:ijHof7J7yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\45e02382d16e93bdb5c31cd06aaead56_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2176
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2736
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:852
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2408
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:537606 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2772

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

            Filesize

            914B

            MD5

            e4a68ac854ac5242460afd72481b2a44

            SHA1

            df3c24f9bfd666761b268073fe06d1cc8d4f82a4

            SHA256

            cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

            SHA512

            5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

            Filesize

            1KB

            MD5

            a266bb7dcc38a562631361bbf61dd11b

            SHA1

            3b1efd3a66ea28b16697394703a72ca340a05bd5

            SHA256

            df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

            SHA512

            0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

            Filesize

            252B

            MD5

            b536ea0467bca3643fc0e3be1c128b7c

            SHA1

            f31fcf8466c21503bbeb7d4f558d7e2e3992866e

            SHA256

            8dfedd125cf3461ecb40ef66b9313702d2bd458f2a749c3b0b106af54d688627

            SHA512

            92a5e7606384d5a518beee9a8a1086c09a56033b3045b4e6afaa7f59dda286315e4afa4ed17c70492f07dfeafe0162b779c503ba254c19d2cd3bfe107630efce

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            ab1dc53d531bdcfd6ccd81f7d402f619

            SHA1

            a308e10dbf393f62b8b3148ea3ceeacdf90e289b

            SHA256

            2a1e0f71ad5fb03076d383ccc7cd1091a7acfe2b03dd73ab4f5f91c0a844202a

            SHA512

            991592914764bb7fcee41c8038576b272a50076c924a076fb65e44e93b8bd9fb41a08379c2754daa4acdc1169f09b1ea33a01bbe4f9e9f5c67ea450f3355c3e7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            aea16cf1b64980495711a06e504391db

            SHA1

            2b2285c5e9cb64f4393de212cb54436771847533

            SHA256

            31e78d2482b8b3dc91288240dc86cda177ec47c20aac7aa9b6c25dcf960fe56f

            SHA512

            869c03efeff197c001a401f95c2096b64bf436b6230e7ff8d39b17169ae83a61662f528de43ff0cef49a860b983a2916436af31cf32ae17bad36a4c8e7047b63

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            f3ca3334aaef30f057c8b9d50daedd86

            SHA1

            d5a3093ab5672600632edb0f34036c4c65abe509

            SHA256

            3ab8ea15a3c297a743b678eff9c083b168203f9a39e39a3f13f668ae2a125097

            SHA512

            b2fface2c9a2e4088aa7782f1f1c37d6526a67339a264a1b8c36a2c734afd59e79228a2e63b6d30db174bfd012be9d2873e0e417e43f7f273de9c42e5e4378c6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            09f406c042e9d9b0eb3de6d7a60d588a

            SHA1

            83f01f77816fbe499e6b39a6b9a6cf88fde535dc

            SHA256

            dbbafc92c518e0a80f0a1b840c153b28a8803903c533301a10fdf1e6dca1ac7e

            SHA512

            1be3168c741c6053202a3fb8de712d0f7919a916d9d9bfe74ab19c766ba2863520038d0c96930b533c8f6c4a1631e121b053e7fbe9427ccc7a8db64b68e219bf

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            c1ac3f074d747028af8563811e37e6cf

            SHA1

            1b4780f1b78a71d686dd8c71fc1b82c3313cda67

            SHA256

            c8d0857ed93425121d671f9026edb2c175d6512431e7eeacb4d69ae5aa844e95

            SHA512

            6dd2a8a27bc23aad341991991a9776e4e94f4cd3016cfb5e75adeaccb4e67e26b24fa5d8d0cf8238e947aa943a7e9c6f932f18581f4705a072a97a7c09a4bdbf

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            999dd9d040eab731476beee882bb57ad

            SHA1

            187d3b50f497e1b69a048271860ef94f5c140e24

            SHA256

            e898d57cb03802565545496490fe776cbedcda858bc63fae682126342ab3bd91

            SHA512

            5fc4aaf676602102a92da5b60c80d7001d395328302a616ff44b767569544cd4b763e5eb8f12f04a96384f4f481f9fc47c0fdf947e1fa2ff507000e21ae34c6f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e04153e80170dc077f1c36afa9c50499

            SHA1

            19719285ad5ab60a07ae3164567ec23b1a1d0eb6

            SHA256

            09050caf0e39131758bc6806bb138d6c9569d597817c633eeb25a9a7fb3eeb25

            SHA512

            32415c31cbfd5f156c3a2914d5cc912f261596471122a3db692eaee7d0386638698ac185123fdb235eb73eb47306ffd8ce9c50fb08aac0856feb71e0d254f4a4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            cf1160ddd498322a5602a8c404aac904

            SHA1

            070b027454554748dd8451da30e2321e83b82969

            SHA256

            6a19122c057677fb7857f1b08b1a8858a181e457f8ef7111c89e6013f368d1c4

            SHA512

            c1658eef5d79e595d7cd2fe388aa62d9cab8cf62e199ac817e153c4c16f23531a2e79bdcfdfa168af8c6e490f491fa18480dbccf90e81a4985fe0f666c3dc04a

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            bdeea67f66a69184b518ae8e0bdbf666

            SHA1

            439406f073ebdde49248283022c7712339df3cc6

            SHA256

            bad11635fb9406a724c028f9367e19caf1aef752df81b7e3a9767155ff2f4f00

            SHA512

            57139bc8c789b883d9d16e0b90a91cef10b77d15463f5cdcdbf853d0a2a9e9c89aaea7297372945e2b0959843aa8df6adcdd503145b6cac8455f2640221d2299

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            05c771a25b69c60abd073c9a2c21ed61

            SHA1

            ce5274dfe33fd31f922ffb267885e0501360a9b1

            SHA256

            3c66d29bd95dd442b682fc77fe041c63710413923053a5af598a132e8bc8ba00

            SHA512

            dbdff62e50051f275ed2f26c589c711f80777bca7e79a7606375e13838c9e1cacca3e773b34f2714329de2cf3b391b044ce529df46f90d86ee6a51214fe0da1b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            2b93cecbd8b1587ad05b7123e048742a

            SHA1

            64228cdb76eda777e0de7f477f57ae9586db45eb

            SHA256

            3f1be64199923b69a1ed569251b052053141c7284ff2ac5b18df84a4d42c8b1f

            SHA512

            208fc471bf0cead3eb9e8c96d8ec6ff24287ba0ae8c5bb693a6c2e00d72f55743a9c56e7708417c7a49f74768a0805d01bc60095fb9cf32e2bb2219ed4649176

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3e0b7263ea03138e37b5f0ef7edab1e4

            SHA1

            b45cfad77cfd97da8f13238fc0c1f5660260f7d8

            SHA256

            82472bf322ca8b7b66b4d8120434da4a1024807e24f776a6ba326fb7e46fc5db

            SHA512

            291e75e682f05802032d539e00a927030d46f0b4ba0e4af57a9b12cf1b52edf00517a818261e314c8a286ae18ebf7ce40fc70b8a70808b4a4f54a1cf0e93843d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            88a8fa94d313508a720f58e2254f118b

            SHA1

            eb49975a386354c3ec762e4a6428e32693c6f717

            SHA256

            68fc9c2f1892a01232961b00fde92424876d49ad62f3437fb575a43ba8a6beeb

            SHA512

            fe79364eaaa339a1190dfaa5d61a74c110827bcb21ce25314ac511f0c183568f1e5cdfdccf2c7a07cb2299fe1bb190085fe1808880fed61a78706fde4b782214

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            866b919dc4bd65807d656a1ca1635fb6

            SHA1

            29f82db344830563b0c3b454a916f49e6f366c6c

            SHA256

            b3e47c29aa010346d4b865665572672ffc6af67bd9bdc7fa147769787709b494

            SHA512

            4ee11adc7e4d230a1504ce5bf2ad8f7aec2a061a4513c5416ab4495dac49c5968f90e664d55177420321c11e4f792eef9a6c61d55a4c30c9d1ad7db7532d03a8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            4aa963010821deaeed553341a1e79484

            SHA1

            5b709b8bc1df3cd8dad5d9ea43e11fa0fb2ac870

            SHA256

            722890bd9602e02dc155a2fc6b33cc25eb87ee511c63bd2991ab8926d4fcf47f

            SHA512

            2151b2d0d189f8a50b46eb991c138e9730b495cdca51f0207b4286ba21f96f476885052ea4c09d0beab9fb8317de4270a38620819115c5cc9623f741c03c9271

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            7b77b537cd5f10774ebda2a3c3a521de

            SHA1

            c8fb6c27a927838ffc3ce12185265cb28167703f

            SHA256

            6a52398f61700fb89e16e9d3297d551d35f9909e314b9ff20d54028b4d2729d9

            SHA512

            d5d13667b911d3dd0987b5798e4b36b4671e8fed51180c1663872a8e8b99d0431c7b182e6cce86e61c60b58623fdbe8402c10c2cfda84cea20cbc00b3e79f53c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

            Filesize

            242B

            MD5

            a3ee214296ba5ac4a8cbbe881ada3f24

            SHA1

            54dabeef28735b00a2c4c358335ad88c1f3bcb18

            SHA256

            bf0c11b2b4367def24326ca195b3cc7d2542fcafb273815a17ade39736b0ae1e

            SHA512

            062cc4037cffe645b49b4b13aec168a472a1912b930a4ee16df3aaf358aa0838cabf23b81aa1b8b3c9bb908ce6b005ba9e73328c6ef6c012b86f6404bbed9473

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZFA7UXO\favicon[1].ico

            Filesize

            4KB

            MD5

            da597791be3b6e732f0bc8b20e38ee62

            SHA1

            1125c45d285c360542027d7554a5c442288974de

            SHA256

            5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

            SHA512

            d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

          • C:\Users\Admin\AppData\Local\Temp\Cab1A54.tmp

            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          • C:\Users\Admin\AppData\Local\Temp\Tar1BB0.tmp

            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/852-585-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/852-584-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/852-586-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/852-587-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2736-575-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2736-576-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB