Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/05/2024, 10:46

General

  • Target

    45cd91de9a805825fe104951d389364f_JaffaCakes118.html

  • Size

    158KB

  • MD5

    45cd91de9a805825fe104951d389364f

  • SHA1

    ffb07e14084148ac4d2a40141dbef47ef2d87b0b

  • SHA256

    3006ea29ebadb7a2e0379e32d1e96a752e3ba067d502be12733b8047dcf2fdbb

  • SHA512

    ea5161c37edd576ea4a08509b22fdfa74ba5975e349dfb656c6db5c094f3636715e30fa868fba53d2c6f7de56616ede2555b13bdf6ed683bc73e34a5bf111412

  • SSDEEP

    1536:i/oBtCR6RTJukJ+BvThGCrClLi3NInkYNs9xuof2lsA1iVNoZ7lv0MEVCyLi+rf5:igSK7LJyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a long-lived malware family whose variants include file infectors (viruses), worms and banking Trojans; its file-infector variants inject a dropper into HTML files, which matches the sample type here.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
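The "UPX packed file" signature above fires on section names that stock UPX writes into the PE section table. The following is an added example, not part of the sandbox report or its signature set: a header-only PE section-name reader in Python that applies that check, plus a constructed PE skeleton (not a runnable executable) used as test input. The section-name list and the skeleton builder are assumptions for illustration; a "modified UPX" build that renames its sections will evade this check, so treat a miss as inconclusive, not as proof the file is unpacked.

```python
import struct

# Section names written by stock UPX. Repacked or "modified UPX" builds often
# rename them, so an absent match is not evidence that the file is unpacked.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image, parsed straight from its headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature:
    # Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    # NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]  # IMAGE_SECTION_HEADER.Name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section carries a stock-UPX name (see caveat above)."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names: list[str]) -> bytes:
    """Constructed test input: a header-only PE skeleton, not a runnable executable."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, zeroed timestamps/symbols, no optional header.
    file_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for name in section_names
    )
    return dos_header + b"PE\0\0" + file_header + sections


if __name__ == "__main__":
    for names in (["UPX0", "UPX1", ".rsrc"], [".text", ".data", ".rsrc"]):
        print(names, "->", "UPX-like" if looks_upx_packed(build_fake_pe(names)) else "no UPX sections")
```

Run it on a real dropped file by passing `open(path, "rb").read()` to `looks_upx_packed`; pair the result with an entropy check before drawing conclusions about renamed-section packers.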

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\45cd91de9a805825fe104951d389364f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2928
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1852
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1140
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1720
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275475 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:692

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            c3b6a62de1afc716a67445717b325f0a

            SHA1

            54e06ad42030a76c25e4d604aac4da5da3036d7d

            SHA256

            9b8879748585cbe4660be74cb92563875fd0c921b93acc2617834d7de444f7d9

            SHA512

            04cd279d3d6a8880e009041b52285705bca0403fafdd9f7e8eb11aa4be41194cd2a13ef2ee52b789ea7879d4f51cab090962f791ae62305ce0201ebb9be6287b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            da10225d4398349666b6595ec1e99f54

            SHA1

            fe6eb8089267742c30cd5b79c952d37e9dcc33b2

            SHA256

            9a88085c0ca8428a6ef4717f8c8d59a9704f34ad5c26ee6f0783125df99e95f3

            SHA512

            6edd853048208e147bcc8cc572e999a72847262772429e2126a5b5471636d13a0a34fded35d80735d11e659d54437709e1c9934c833ed6937a07317d9195312e

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3760647080658a6e73b4efa6dc233c78

            SHA1

            f753ff9cbaea840d6dfe68a5cc33af7d7394761f

            SHA256

            0a31a573ce2f7e71609da587e2d5e4ee3e8061782ed6a6aff77cb3afab500848

            SHA512

            8485d0906bf758218a8fec494b0c0839041cde58a18d316a4c6b6643c7356a903ef611df3000528453c268745a4269763e168f544f18e367d7c7ebb02bfea4cc

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e2046457c25c89c21034458a70c73934

            SHA1

            9764495434da46d691ba01861f19011a37e602ea

            SHA256

            b5f2ce9413cf08c09a46d4775fc71f35e6b01c45b837d323a086a3aa6c2b8833

            SHA512

            190bf27b461d60dd7435e1d7824c83f4765b8f0cfb3db1675fc1f3c9dba2c3d3830bd40230f4fd763ce8d0b44516cdd6be931677ad295e444f1c52c3b5bbb23d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            ed7943767db68a35fe089c1437c78831

            SHA1

            aab849c063de46960b7dfaf0a5a61738b04f6988

            SHA256

            eb59fdb69c7232aa689628bb0a5f5cbb49514d704ccf8e9c39e7cbe576c3c212

            SHA512

            0bd5f9ba590bdff6fc7bf929bd37514d202a137cd0a591dee6d13e600c36765812be91b7989e355640a7eb4d7ded225712f2f2e1ed21e24269aa88e00e21140c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3a8e998aa8b50fb51b4f08474af151a7

            SHA1

            1c8b3f4a8d2322c0b40a090dc1c796e34fd48095

            SHA256

            a9c5ace579bd52c50a83182882e3fdf7f2e20bff65232497339d192a786b1d45

            SHA512

            0db50e04db21811963a50806f5f63ca0d28e4f7ecc6264dd6130d0ca996b81f11be2f086bed781c0377f72c99705f6f8ec339fcccbffe7067f875a0a8cd7d5f5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            26ad092ce738709c6fee6a8e50573a2a

            SHA1

            1aac8c2fa6b7e5fe05b1ac296035e865083f6230

            SHA256

            e88bf93feb336784208384520296da0d9d17d85eab12400774f3b60b90fd2907

            SHA512

            e138df4950e26889aaba0e2f36decd4aef669f7acdd606a3c3fe221c914230c54170739038ea918954806ac8e083ee7ec3ee36a56c1ef4711abf0f4d3251eb20

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            92f72c5e9df131a02e34cc5cc8b6d039

            SHA1

            0d1b803a883adaf37f55ed24fb20fd7698dfacf8

            SHA256

            32d54562ee87f5097a80f14292dd1be3cd84ecef2c139e1bc2aa00e61240ad49

            SHA512

            d3bc5f9e89abd6779ad01c39ca6c78d6c6a0196b885a3151556b07b308f33b9cb52372c5e6e54b8ec85c6b0161b2e85412a9ed304dd9cf26849c704be2b311c4

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            feddbe11d12dd4b8d9cce456bd3754f2

            SHA1

            7106b2de347af16fd91b88745c7b1a4dc54c5097

            SHA256

            7501df156646067b4c128487c62485504a60f497d593e4fe372d10cb2e7dadf9

            SHA512

            b855ee77a9ef6140c1cae89b7ab2eb7624fb783da6d1f5fadc5ce85d6bc43765de815fa1e97843384464ba684bd5ce12bc5efcb20808cb0cf02960f080038471

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            24a9dd6e845b3eacc0710d04a9a59359

            SHA1

            233569f598c3350c3a4dc6b95a5d180c94d1de8e

            SHA256

            b88c918ea9a84941413d2ec08dfac21fe1339290db04c3576b033abf12fe67ac

            SHA512

            46213e6758df4eff37317093c46354fd27a7a14ad0a399bd4abb17076fed9927d1b6ee3490095b2f88f0117a6fd3dfb045ad0012ba21f228925eeaf200712d16

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e8cf17cf0c98cda05cf9461c6402bc2e

            SHA1

            e7cac1ff6b1c38a77208db3b41554d9415ef8ff1

            SHA256

            be8cf29257bf64542cbaaacfae9933cd91a113509c909021436a8ea40c1c16fe

            SHA512

            40c0688517c87c2af4a52da540d7eac8c6de042de2eacab5541b1f293683e15a12ffea9ce32baff07a1d63d559d3040cb59975991ed2ab0b6684580d824820a3

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3764bfafe338d57f004078001fb44c70

            SHA1

            d21de32f6b538b7e8b6334ea7c7d71be0f98d28a

            SHA256

            96b92c7b9a736906a5eb8c925ece2e012117557eebe280df8abe2b3ba612dfa4

            SHA512

            77f2574f3643e3d06e0a8f38d889ade368a1d8f43847080ff4801f4ac19313eafb218626e7864206e922b28cd5a5438f5f66cd66ce7c36734d731bd9b263bb3d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3bbd09fbcf1d5ffa7857762c2fa7f7db

            SHA1

            1b02af7dd7745b4e60fdd3e89d2d1e6c4f021835

            SHA256

            7da11508ac3ba2db47e79cadd187338f91f8848d2794abf2b941845e959e65fc

            SHA512

            d6023cbb35629041d4a1c011c6d125dd96c550d15848abe42964c3d07a6568b1a32381d8940e1c49c58852fe42ca3e2ad5e87c145073b3eaaf4dc6ed4030707d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            d705182f92c972171d65b11489f75147

            SHA1

            77bc8f238fea82120b9006143cc68571288585d4

            SHA256

            45928f8f20e6d39e0cf5a238cf55b4e8d394949cd3326c856e9977b69228e4f7

            SHA512

            6323fc0d7ae5782f181fb37092237235c957c71c491f45adf78026c60d0f5ee8e31a3ff0b4792660ff2d4d649eee414eafd5bd793e41c3b61324a0b8f5852b07

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e6795a548f425a942bcb2947d99061e9

            SHA1

            0e30f975e731df834b46e6d3d12cae0c1a4dc501

            SHA256

            e13571726a7bdf24f62f7458f1b6c9a8b9369584f717537d2e9ef8f62e24a595

            SHA512

            1c16767a71928267390e50dc9ceabf14ed7df05f1e75dd29722d95a402c32534f5567aa39f79ca7c8f931742e96c74f74375948d5a931aae9c9cba3ea178f2a5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            b3d8e008318032209d3f91eca2442c82

            SHA1

            6e602f0151e813b797ffcf9c4512ee3c285ef0ea

            SHA256

            472addd734b0f9efd006d0d64a0dfaef017ea79e9211feb4849470753f861396

            SHA512

            a5cea9b9601363fedd563ac6365315bfc8c85b444f33b2e008bea8bd75b1a6a583eff5972822a718a7037e69064bb878378dd2259ec9252201f873c82fddd8cb

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            da6e20c3f3f6956a30bed9275fbeab04

            SHA1

            e77688ab6f823aa640f08696c9197905f805ba91

            SHA256

            a7f458bd4ceb975e1c228c6d657edad314e1eb7650a52718c2602b3f1511f217

            SHA512

            ad5c3899dfc57ec00d6d19e7b8c3d8f685794208776c399367f603eaf3b401d9d360ea96066dbf678239e55afbe918b8572193cea3576475658cf4d337d42917

          • C:\Users\Admin\AppData\Local\Temp\Cab25CB.tmp

            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          • C:\Users\Admin\AppData\Local\Temp\Tar262B.tmp

            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          • \Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/1140-445-0x00000000001D0000-0x00000000001D1000-memory.dmp

            Filesize

            4KB

          • memory/1140-447-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1140-443-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1852-436-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/1852-437-0x0000000000230000-0x000000000023F000-memory.dmp

            Filesize

            60KB