Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/05/2024, 10:46

General

  • Target
    45cda08ab572199977b6ce50d37edcb1_JaffaCakes118.html
  • Size
    132KB
  • MD5
    45cda08ab572199977b6ce50d37edcb1
  • SHA1
    b42fb60e6d811981cc480b28811af3d78cb44fb8
  • SHA256
    0987179c75dbd27b5961b307e5b60b6b22b4bd8c2dbacf6b40934490d7cb67e6
  • SHA512
    2421d7e8d0c2a9cc9b35cbf050fa299e62f630fbcaee1f813c5a508ba319990f243567be0f14d2cb8f4cabeaee2f48103de3866e77e72e0a505e5df13b5fb9fe
  • SSDEEP
    3072:S7LL7ZPPE4yfkMY+BES09JXAnyrZalI+YQ:SIsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (5 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 38 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\45cda08ab572199977b6ce50d37edcb1_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2940
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2572
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2936
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:209934 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2596

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 68KB
    MD5: 29f65ba8e88c063813cc50a4ea544e93
    SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
    SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
    SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 7a5017b17fce656ba041e5b72ed5715c
    SHA1: 124cf44f71d9447bc45b43146d764d815dd1c53e
    SHA256: 088272038ad3c22d14a3c59738411147fcd863e4d2ab05fbbd8d8e0a4282abc5
    SHA512: 7132c738de17409c2f9a53b6721f8cfea26349b8b6f5a15b876ef0fbb438a7736d2cf692e97b32552ebd668e1e0481d59b1597623d6a212a3d3e92c99d392e17

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: bc51da7734c42668225b1494d89bb60d
    SHA1: 15c0849964b6fc3b6dd4d10375295e36ad2d68ce
    SHA256: b6888791f5fb53472dbd877eb0a385fb84256a4ab2807f08112c76ba2a04acb4
    SHA512: 36a10b7ecd2302bcb48b6edcc4263deb44d33972f4f8608b2ecc957b638420d777ed6c577c36eb6c8d630db3ecfeabbb43eb5b1feacce3fef69959a5d68ad8ae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: f758d84d8daace43a32cc96266fc9095
    SHA1: 7388498f1ffd85978056e73dd51d288d063bad8b
    SHA256: 1f6585f17a7440c2e8cee05afc4efca07b2ca5f551e9f9090b8863421b6b1257
    SHA512: 7098af863ebb52f0678f1584ece17780d02a731ef08f4d1987157654417ddf904f009856e906909511ef49c61c750539a551d5e926dabeb6acf95c14bb84a019

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 0b28bd69422df8150f565079833185c1
    SHA1: 637f62cd58bb23c2e7b61fbd5b50f4750624a0c5
    SHA256: 6ef0995a79c76c3d00db0bceea0f1daca6c2d02f6d3d881349e6d3cae459e542
    SHA512: cc34434fbc439a40cf7b6bc48cb7d95e08595af6d963308f8a5691fa2336e1639b50a91b35834fee9b57a730a0ecf8fdf89d3d56ac3d6ec00f21620c4954b738

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: ebf5f0b0f45b54918cd91b8f9a9c5fa2
    SHA1: 56f9294ed0c4330e6efe4ac3dc8e1ae308796dea
    SHA256: 4a32b15d65fc3f8a93a51996d4df6d5f975f0b0b796c8adebf9a343f278dc01f
    SHA512: 710bdf3417e377c2a05694349df4d9da226bec823d2e040fc31032d60c42cd84b5ac02fd90eac9ca53507c3c87f90c4ce58d3494ef1a53c7f3c349213944838f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 4ffa322fc4409d87ae311ca09b034317
    SHA1: bef99a8b651659a49304104767dbd945469139f8
    SHA256: 2609ad3663361ae5baf9a305a0ef84dc5a682a01f443178910ebc94deb3ec673
    SHA512: 5b1b6e46ba9bfac0e00d1cdf59d1fe8ec7fb171ec2f92957667320f17f639859325f42d3a45065de51be26ae5f8f93409b93ba5bdc1d453207fe73350afc0558

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: f9c3a6099b96ffee5aad729201233ee8
    SHA1: 6c066e1735a820e83d0a9039197d5ea4db53dc5e
    SHA256: dfc019e038b324914f4362f9c696bb39a39af2fb2c823c0e714214911fb8584e
    SHA512: 8a54871fa9f3630196286e4c3bca448f5151ce6029c8d6c6bfd49dd852c3d8e539f395c5c16cfb7c0a79e2f313b084c719ab3779b6b3898778fa08fce2c24b4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 8c7cad899d7cc36b5f8ca0b84c2559b3
    SHA1: 1a8b54cc5bfdf7992dfd1924bf5dd087eb80670c
    SHA256: c22acbcf11be5ebd98b68f7602902f910b8c8f9556c5f75eb5dfaa58022ecf8d
    SHA512: 27e91816326054403a2fe4cdf66e58fe2cc210cba293042e366855698286eb11ee6952da1fc6228b7672e3b27e1627466ccca1c5023a8dd14a1de2dcbbaa5afb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 3333b6481018ea7f770c2c285806c9d6
    SHA1: 2ac6f8dee28fcb46d0cd3d812478892b48301c47
    SHA256: 824b50773bd32cfb88107a2a3cfa44af543710e36444836e5d5bc1c925428065
    SHA512: f9db89d880e3d390f630e5edeab83417f71e90c012326c823431cfa32c95b561a72caff441730be07e7ff048a5ae57bfa37ae9516e2e9abe14365b895abada1a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: e704cae84f2c05a93e440b501daf4b84
    SHA1: b55a641e0daaa5966f9ca7dfdb8b894224c5b17a
    SHA256: c62a19835d0a455005cd5599af5fb26a4f04250f6235f71524593518f6d8e41c
    SHA512: 15e00b59daaedb89bd61314efbfc75d5626edc1d38467344e0fb0d5a097f31e0e45baa47b2c3314bdfed281e0fb7b583dd7c503c3fb515e6836e95220371083e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 41d3c948dd53cee5fa2b8617680b3b1e
    SHA1: 838716d7beaaeea6d2e4774e2521cb30a9bf698b
    SHA256: d577c9a5e3414516b4587b5b34f528cc1e559064fddb4a4e7747105e51797c91
    SHA512: 3188c6975b52b294d6683f023166359ec0dfbf92f7feeb2b29bbc000c98751ce2faf9ce01db7d3a01b7af8a6027cd4943539d184008424155583258e636bc779

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 0a5fc5f11078f0ba8e71fd432d1cd49a
    SHA1: 0c1800d571a7c3797756ae1bb0b68caad9c0e468
    SHA256: a833bec539cd6f4d4d782f917813812a176c339495e576bd7f55c4389cbefaf1
    SHA512: 1961ffe21ad1d59fc1139e07a20a1c668fb3ce41c398fbdafe6c281ee5f661a164706301d0e2ad8922a34264ac160c3e1cd7b97c3215ccfcad860961c09b7de6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 7cf1519698fcd8deba6fa79ab4d93e30
    SHA1: 5c9417dc2ed27a40f69da76a464cf19a343a27b2
    SHA256: 3c848be0e18129e1a3e3bd7b3c1dc2335ee94c31c561171dfa5b8506a901b09c
    SHA512: 9a522c48c0ef55a2d3ec13cf12691ebfa6102ead438bf617b450ce133e9ca733cf2fe65348ff29efd575238c8f1aaba691b0bd0110eb355690b2c78233c56365

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: db5615fc825ebcdca74cc66b9d1d4952
    SHA1: 003e03284a58ac9ac98e0ed80bd2dbc258f6cc74
    SHA256: 69804abcba0095dc4784b45bbe9fbc7f5717f7cac9a29a5ffb80f862a6d2c3de
    SHA512: 300608c88b908e628e390a417159c57239619c22d3b4e42b28acc3b66164c5300210d83d79db327599613c9288370a96bfe8baacc167105bd227ce3afa60580e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 8881f36602f17cde0b5cd77c8136b1e2
    SHA1: ca26242efd63c9cb78da560114bcd5ccaf3137db
    SHA256: f9971df473ab3d35c32d5b8375a0bde268e968e9554ec97ec556f6fe7a7deef6
    SHA512: aabab0fc6718e7541cf9bad7d1e6a9066be1e77d983030ab4a1738af7720fddb0c7bb58ae55d0eaf6e9aa6f6911b3cddd69aa4926ee26ad3273fc4afd972deb8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: f2a3f8de9c9a74464fbbce2efcbfaae5
    SHA1: 4d3f9e8def5a325bc47e8f569f9211e17d48ebc5
    SHA256: b1296ee84f83ba29c09f1dd70d8b913756daf35dbad0b398aea733d3000dea10
    SHA512: 79745ce87dc49c53f558141d388b5226712ddf60b30908d39c383f33f8cd0d82ea91510e32a114f0424ec2b8ddd4b203cbd2a4c9e83c8bae5c41bc36c36adee2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: a370facdfd7c1e44a114b1e42d5dc6ae
    SHA1: 05a8c5f1e67c6a08f4c26180fff7762954ca8ad1
    SHA256: 043e05009a76c4f4d3c4d2bcc67f285f99b6064e57d01dc90efd0bd12bd019a0
    SHA512: af85a93f414af070e94f4603c40c6030cc356c61d50418da294537a1e8376e6fd56a440077ce66117a5c2d308379b12184f87f159f6f3c5ff68bdb5760b585ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: f24a76ae943f2d33bf5e33837e15f803
    SHA1: ba52fd8adf240c043850d12fd5685f07527b9c8f
    SHA256: 8429f8df8d19f916f784e6d0315c7fd6cee41e63bd892b0f35d78108ad957b11
    SHA512: 353b4971603137e196a8075079abc3fa97b6070f940f6966bc6e1f2d5758243dfdef0b5f3cfaedc66c424ded899a3f98b78bad9ed623506a7d927b2057fe7afe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 78bf362b49e3296c22c770eee7135a1c
    SHA1: 4a8548184923fc69658ade3dbe1c2ff822f5cb3b
    SHA256: a133bcb78f6a04b95d5412507d1378404ab04b674b3396975b923b3522fe829f
    SHA512: fa51f03adc49dddc8c3a36af0e6e760683103c97f509d9b47784ffb29095707fc9278e0c2c1d9d99d3ba5d06d4d7e2d821cc58daeb01e4df3eb563fcf2345039

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 5ccb6e8820a88da9d4fe01a63c35aa8f
    SHA1: 9629bb1a41ef0d4f8e3f3f11233d89f7dd9824a2
    SHA256: 06e2d431d0898fda50211114beb2381b057a4b59cde80ebc34ba199e388ecbcf
    SHA512: f99ec0b80090f07615f8a4d9e3cb0ac78c7057b02343e099f957de497b10048d9f78193955aa7174b77211b7811a00dd0cc72e33c7e6bac523442825c7de5fd5

  • C:\Users\Admin\AppData\Local\Temp\CabD818.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarD9E6.tmp
    Filesize: 177KB
    MD5: 435a9ac180383f9fa094131b173a2f7b
    SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
    SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
    SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize: 55KB
    MD5: ff5e1f27193ce51eec318714ef038bef
    SHA1: b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
    SHA256: fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
    SHA512: c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/2572-20-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2572-18-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2572-17-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize: 4KB

  • memory/2940-6-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2940-8-0x00000000003C0000-0x00000000003CF000-memory.dmp
    Filesize: 60KB

  • memory/2940-9-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB