Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system
  • submitted
    15/05/2024, 11:15

General

  • Target

    45e92029ffa3940e5ae17a68e7bdc410_JaffaCakes118.html

  • Size

    116KB

  • MD5

    45e92029ffa3940e5ae17a68e7bdc410

  • SHA1

    2f47604e7439efc08cb8a34c2dbf2227b7c3db13

  • SHA256

    7750991c4db231bf3879d2cfcf522b3cf78ffc705f7c8d0dbe9378b57ad80060

  • SHA512

    73bc839a7f041137216a3fb76305352ccfbe2a7f953e6a357b5add67ed78b2e77742bef2f85a960984f1fbe89a7d65cad55dd79538f5e817cd8a66411eb2d341

  • SSDEEP

    1536:SQbyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsn:SYyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\45e92029ffa3940e5ae17a68e7bdc410_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2628
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2640
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2544
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:406535 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2804
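
    The tree above is the part of this report worth encoding as detection logic: a browser child launches an executable named svchost.exe out of the user's Temp directory, that file drops and runs DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe then starts iexplore.exe with no URL or arguments at all while being flagged for WriteProcessMemory. As an added example (not part of the sandbox output), the Python below reconstructs the six processes from the report's PIDs, image paths and command lines and applies four lineage rules to them; the rule names and helper functions are this example's own and are written so the same checks can be run over real process-creation telemetry such as Sysmon event ID 1.

```python
"""Lineage rules over the process tree in the report above.

Added example, not part of the sandbox output. The six events below are
constructed by hand from the Processes section (PIDs, image paths and
command lines as listed there); the rule names and helper functions are
this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the report's process tree.
EVENTS: List[Proc] = [
    Proc(2424, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\45e92029ffa3940e5ae17a68e7bdc410_JaffaCakes118.html"),
    Proc(2012, 2424, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2'),
    Proc(2628, 2012, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'),
    Proc(2640, 2628, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
         r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'),
    Proc(2544, 2640, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    Proc(2804, 2424, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:406535 /prefetch:2'),
]

BROWSERS = {"iexplore.exe"}
# Binaries that belong under C:\Windows; the same name anywhere else is masquerading.
WINDOWS_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}
USER_WRITABLE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_browser(p: Proc) -> bool:
    return basename(p.image) in BROWSERS


def args_after_image(cmdline: str) -> str:
    """Drop the (possibly quoted) image path and return whatever follows it."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[end + 1:].strip() if end != -1 else ""
    parts = s.split(None, 1)
    return parts[1].strip() if len(parts) > 1 else ""


def lineage(procs: List[Proc], pid: int) -> List[int]:
    """Ancestor chain [root, ..., pid] followed through ppid links."""
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    chain: List[int] = []
    cur = by_pid.get(pid)
    while cur is not None:
        chain.append(cur.pid)
        cur = by_pid.get(cur.ppid) if cur.ppid is not None else None
    return chain[::-1]


def find_findings(procs: List[Proc]) -> List[Tuple[str, int]]:
    """Apply the four lineage rules; each hit is (rule name, child pid)."""
    by_pid = {p.pid: p for p in procs}
    hits: List[Tuple[str, int]] = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent is None:
            continue
        # 1. A browser starts an executable out of a user-writable Temp directory.
        if is_browser(parent) and USER_WRITABLE.search(p.image):
            hits.append(("browser_spawned_temp_exe", p.pid))
        # 2. A Windows system-binary name running from outside C:\Windows.
        if basename(p.image) in WINDOWS_NAMES and not p.image.lower().startswith("c:\\windows\\"):
            hits.append(("system_name_outside_windows", p.pid))
        # 3. A Temp-resident executable runs something under Program Files
        #    (the report's "Drops file in Program Files directory", then execution).
        if USER_WRITABLE.search(parent.image) and p.image.lower().startswith("c:\\program files"):
            hits.append(("temp_exe_spawned_program_files_exe", p.pid))
        # 4. A browser started by a non-browser with no URL or arguments: nothing
        #    to render, so it is more likely a host for injected code.
        if is_browser(p) and not is_browser(parent) and args_after_image(p.cmdline) == "":
            hits.append(("browser_launched_without_args", p.pid))
    return hits


if __name__ == "__main__":
    for rule, pid in find_findings(EVENTS):
        print(f"{rule:38} pid={pid}  lineage={' -> '.join(map(str, lineage(EVENTS, pid)))}")
```

    Run against the report's tree, the two legitimate IE tab processes (2012 and 2804, started with SCODEF/CREDAT arguments by the parent browser) produce no hits, while 2628, 2640 and 2544 each trip the rule that describes their step in the chain. Rule 4 is the noisiest of the four on real endpoints (browsers are started without arguments by shell shortcuts too), so in production it is worth keeping only when the parent is itself an unsigned or recently written binary.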

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e0ea2cf30b8f77fef9268556513006ae

            SHA1

            19226a076014d0e9132c33539da676a90d85406c

            SHA256

            72bb0a6ef56f3b202a3f42b216212def23fef5da7d6a8211f9e09aaa067b5296

            SHA512

            a22435701d56541ed71563451e1e6b71cbe1cb66e55518a4da42b158929683361bfd8d5b6f2978add71021ed900cf804d4fc45c53c2f3fc2e1c76a4d58d96cdd

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            513a57666443336cc95e3ee896930929

            SHA1

            0aec0ddd9c7b5284c843d91f12cff992931239d9

            SHA256

            401a4479fac1d4a282e997746a5bc7c909e1652aa18c6e5b3cebef5508e240fe

            SHA512

            8f4aa72f4be8d26cfc4c0b8e87a3da87f1d16356335443543ec33864ede89ae0e493ad39d480f5c16879ab7d63e816676a47f3b9f90370f04be74f62c71d7f72

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            358808befd25a35d9d945b52e108e26b

            SHA1

            d020d9cd71088165a98f6b0719b3bb4b01e288a2

            SHA256

            2bb967570fe30c05066f759a1c8972d336a243a7035e45abc446b7a4a845273e

            SHA512

            872818a20619b11940e980093a67a35357e49a89bbb7dae91189fc7a28b141654ef5e01a5864e4eb40561ca9001cf34059e0e70231b991eb19d18089ca166d97

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            66fcbc9db2d1faa1abefb3606c138116

            SHA1

            d152ab5542670327a72e57618d36420d67b0b534

            SHA256

            da5f38ad614e33710fe0b56af3b88314ef55dc8a161d27f805eb892eafe95391

            SHA512

            e5f1391855fa87d8af9fd5aa357b417112e3bb3af04e9810eed9658dce170ddca9def43a75990ab0470d0079d76ab1b1aeade461b07f98bbaf0553729fc00ed7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            b4fd055f650d352502fc09d4e0034128

            SHA1

            e30a62a63815595ee64a370a1b048713caf16140

            SHA256

            b2f456a7fbfff18d2c0391f1c6ab5a3507b869bd047218bf13ef2025668fa940

            SHA512

            723e5590561c9575d481efe1b20c3deaf4e7c089d27e8e6d4af16a8af81dcd3192418104ee08b97cc2d0781775fa97efb09b15390fb449a41bcec45434ac0256

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            01ab3107ddd69f87652a615805648db6

            SHA1

            6dbbb8ad925f1228f99df8e859fd01f4c8d0c4d8

            SHA256

            02308c6f987cf9b463ee44f8b986fd3d7e3b780e4db313cef8316b3a6b73f797

            SHA512

            aa00a569aeba4dffbff7ff7b42e32349c2dbddf8480c415d89971f1bd7892649c9d636da7a1184e9b577f5b89e33d0cbfc05db362abaaf53f595fb73099ff75d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            c9d2b0a3340fc504e11956df632bb049

            SHA1

            17355985e6b3ab10b6d540fe7fdcfcecfab13975

            SHA256

            865596c8ca8c07b44786658426058a778f77f3030feb864894abbd5eb99ce883

            SHA512

            521fdd5b2b0ef68c941e16e69da7721c89e8ecad4db3a0616781c0d2a67f52d243adc307e7b05a213b8fe9e866289db2eabb60d0032a07caca9f39a3dbb174ab

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            02e5ec6a0baa8e2442270883e3df6061

            SHA1

            86cb00b7aae82a57303a02dc8eab7ae4cbb8ddbd

            SHA256

            67545750c532c6264663c94b765343e3d2309257b2a7fc042213e3de6d6c7110

            SHA512

            f9e4c865c2c31b6c93545efa942bfe0f508099f9532a1008c056a5fe7d4c3d959d6efc03be661b94b9fffad292e822d7d4e9d282f471406b94e166a8da8f2de2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            2956a71757625c83b643fa02e69ef7aa

            SHA1

            8bb44561fbcb730e9918495a81529582e02fb331

            SHA256

            5286f5db733905e670be7a6923a84769eefe4d28ef3c08633d25928800ae1745

            SHA512

            12a138c64972b28799f0fd8b0193d94935b6127b7e1d028f60dec1967ad048be8996c5c8af33b287b1da81dccb1adca2dcb9039efcec3a067f63656e907160c6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            8b5df50c739b241e66966485ce76d69a

            SHA1

            477b5554853a5db31a3331943c69a0323d194b61

            SHA256

            19a35b3537c797bf40aaaf0ce2a5a866cc49ffe9cad240cbaef55c4886b2d4fb

            SHA512

            61e5497af14d1f163241fd06a1c0b7283ed5d6e1ab8a1ea3660e5b87c403419045a5dd646734a0a200c84d3b6c551a7fad70580ad84b5a6031c0c83d9fcff1a8

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            406c9338a3f6330c168cda8ce5df3bc6

            SHA1

            1d331811cb69505e68b529a3ae826c19c8a9d1e9

            SHA256

            93175506bf9030c24a0d9948604d31f259f64418e70543e6040fde311273cc31

            SHA512

            55a197badd716626eb6c2e90d21c1f772527737015dfbcd1f0e66f7ca88d27b68c07bc5abac7f03d81c98fa7be00edaf7749192432024c39a97a970e2790ec92

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            71c42caec28e0749a2afbdf792f1a0f1

            SHA1

            7cc2b6702674f54d1ed14e87c4aaf808c56d2043

            SHA256

            62ebea2ea6dd44279288906d72b28b28e412c465a30d9cb9724969dd274e0920

            SHA512

            e8955b8a6da1e5faa06a43b5f603d14368ba6ed3ae1c2a3346cb8575aad1480c64ead70b6dfe6be81b55a84e0ad9eace892df9538c3d3b6cdbb23336554b6d8c

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            726ea0b6a696b157bc5f234ce9dd1dc4

            SHA1

            df413527ac1aa20b9fcd823a66d4eb7399d33b67

            SHA256

            86225d142ad27970dc597dca68c43114bd8df43def1cca5a06bda7476f7d46ec

            SHA512

            88a89c3da456c8fa588c56818a4102297ed65a26bf2ba7df4b23e414ac8456badab80c787da948b358c5fd8b2220a982b6cd2aa95964ba6b8e48961bad189ee6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3b5f5958d797cfb6b42d99630fd7827d

            SHA1

            94602c83f06e77fc03b8b2f6e6126cf0fbd62b59

            SHA256

            771575427e79c175c31c84166b95ff26527db919657b6243f601ee706f1cb235

            SHA512

            316b8efa027baa261808a6ebf1fbdc5815065fb65372fa5a64d6ba814bacc6f79c583e6a9314154cd33a57b92b9b731bf9202e52793aff31df204f6788f129c1

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e47107a373c5f3894e0f0d6ca05e23e4

            SHA1

            f08003f38e0efec8504827cb2adb5963fa77d52f

            SHA256

            7d07df0143fc3084695cd68bd3c410e8742479e44632eb1aaf518035f3272066

            SHA512

            c068b8c7d79bd682ae73c89228add26e247ae233adb200fcaba71d5021031fa7135942dd64432f55d03aa1ff47afcf93bfbaf6e4934e9df1f82b8338f258a4fd

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            d6722113531385c86ba79a9530030ea9

            SHA1

            db47c50158bcb5026f5a31b0490ab3f92ec39990

            SHA256

            b6a7c4c4123c1d4f5cfd962cf53c6f55c005aeee3b98fb7cddb92b9bad29e136

            SHA512

            d396265b49b5808da240792bb1c13339bc18f1e88a6c77c1807a635ce89b4cac15cbf37ecebdc9856cea4fcdc5fb656626ce16fe6ede7b09865bfd33e78f34df

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            6a7634f98d802e081e6e002b17b50b98

            SHA1

            266ac24fdf2c34cc4a520a9d5d2b375090ae74b4

            SHA256

            3ccb4a117fa4860893bbe3125653ae3528df1d2da2f79fae41215c2bceef2753

            SHA512

            c3ce5b07a5d50dd6fb05617022d1d09538b6a4837ecc31466daa243b1f8d9cc2600c06d08f9f0a7d2b98da5f5188043af04f7c3dcc890c17dc5fa2872d753bb5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            106cccb1502a42c0d660eecf91417939

            SHA1

            4623930db64a5cc24713d0df0977e26d983b03c5

            SHA256

            c8c653b431e61f12c59fa3b6cfef42007734c0993205332c9d7872aab1252f16

            SHA512

            8869427246bd27a886fbb963610ff223e444fe2de46076f98f1cb2d47b363df83df7543c547807dc2ddde7a1c6df13e3e5c1c1f6fafee82e28870f98b5f835d7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            748eb47e1a9cc54bc980ddc2f65d963f

            SHA1

            a90cf38a0628665d408d85ee9b7e823fe37d31b7

            SHA256

            57f95b4181babe9a4824855eaa6d4b06cfb8fc20c3c1b55c7a63e7eb6fcf5749

            SHA512

            45b4c06c5f765658e8fe7c3f4be6276b9401b87f88df865500a7e9afcbf6ef22560cb660a8b76da8dd61724593b5593883e8324cc563b4c0c3618b165a97ffa1

          • C:\Users\Admin\AppData\Local\Temp\Cab3390.tmp

            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          • C:\Users\Admin\AppData\Local\Temp\Tar3402.tmp

            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          • C:\Users\Admin\AppData\Local\Temp\svchost.exe

            Filesize

            55KB

            MD5

            ff5e1f27193ce51eec318714ef038bef

            SHA1

            b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

            SHA256

            fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

            SHA512

            c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

          • memory/2628-7-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2628-8-0x00000000001C0000-0x00000000001CF000-memory.dmp

            Filesize

            60KB

          • memory/2640-15-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

          • memory/2640-17-0x0000000000240000-0x0000000000241000-memory.dmp

            Filesize

            4KB

          • memory/2640-19-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB
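
    Two things in the Downloads list above are easy to misread. The nineteen CryptnetUrlCache records share one path and a 344-byte size and differ only in hash: that is a single Windows CryptoAPI cache file being rewritten during the run (IE fetching certificate and revocation data), not nineteen drops, and the Cab3390.tmp/Tar3402.tmp pair in Temp is the same kind of background noise. The file worth pulling is the 55 KB svchost.exe; DesktopLayer.exe, although executed, is not listed under Downloads here. The memory dumps are more interesting than they look: the 0x400000-0x42E000 range (184 KB) is dumped from both PID 2628 (svchost.exe) and PID 2640 (DesktopLayer.exe), which is consistent with the same image being mapped in both processes, and 55 KB on disk against 184 KB in memory fits the UPX signature above. As an added example (not part of the sandbox output), the Python below collapses the repeated path into one record with a version count, labels each artifact by what wrote it, and checks every dump's reported Filesize against the address range in its name; the entries are copied from the report (a three-version subset of the CryptnetUrlCache records), and the classification rules are this example's own reading of the paths.

```python
"""Triage of the Downloads list in the report above.

Added example, not part of the sandbox output. The entries are copied by
hand from the report (only three of the nineteen CryptnetUrlCache versions
are kept); the classification rules are this example's own heuristics.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

CRYPTNET = (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
            r"\MetaData\94308059B57B3142E455B38A6EB92015")

# (path, reported size, MD5) as listed under Downloads. Constructed subset.
DOWNLOADS = [
    (CRYPTNET, "344B", "e0ea2cf30b8f77fef9268556513006ae"),
    (CRYPTNET, "344B", "513a57666443336cc95e3ee896930929"),
    (CRYPTNET, "344B", "358808befd25a35d9d945b52e108e26b"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab3390.tmp", "68KB", "29f65ba8e88c063813cc50a4ea544e93"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar3402.tmp", "177KB", "435a9ac180383f9fa094131b173a2f7b"),
    (r"C:\Users\Admin\AppData\Local\Temp\svchost.exe", "55KB", "ff5e1f27193ce51eec318714ef038bef"),
]

# (dump name, reported size) from the same list.
MEMORY_DUMPS = [
    ("memory/2628-7-0x0000000000400000-0x000000000042E000-memory.dmp", "184KB"),
    ("memory/2628-8-0x00000000001C0000-0x00000000001CF000-memory.dmp", "60KB"),
    ("memory/2640-15-0x0000000000400000-0x000000000042E000-memory.dmp", "184KB"),
    ("memory/2640-17-0x0000000000240000-0x0000000000241000-memory.dmp", "4KB"),
    ("memory/2640-19-0x0000000000400000-0x000000000042E000-memory.dmp", "184KB"),
]

_CAB_TMP = re.compile(r"\\Temp\\(Cab|Tar)[0-9A-Fa-f]+\.tmp$", re.I)
_DUMP = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text: str) -> int:
    """'184KB' -> 188416. The sandbox rounds to whole units, so only values that
    are exact multiples round-trip; the dump sizes in this report all are."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def classify(path: str) -> str:
    """Heuristic label for a written file, from its location and name."""
    if "\\CryptnetUrlCache\\" in path:
        # Written by Windows CryptoAPI when it fetches certificate, CRL or
        # AuthRoot data over HTTP; IE produces these on its own.
        return "cryptoapi-url-cache"
    if _CAB_TMP.search(path):
        # Cab####.tmp / Tar####.tmp pairs in Temp are commonly left behind by
        # a downloaded CAB being unpacked (the same CryptoAPI update path).
        return "cab-extraction-temp"
    if path.lower().endswith(".exe"):
        return "dropped-pe"
    return "other"


def triage(entries) -> Dict[str, dict]:
    """One record per path with a version count and the distinct MD5s seen."""
    out: Dict[str, dict] = {}
    for path, size, md5 in entries:
        rec = out.setdefault(path, {"kind": classify(path), "size": parse_size(size),
                                    "versions": 0, "md5s": []})
        rec["versions"] += 1
        if md5 not in rec["md5s"]:
            rec["md5s"].append(md5)
    return out


def parse_dump_name(name: str) -> Tuple[int, int, int, int]:
    """'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' -> (pid, seq, start, end)."""
    m = _DUMP.match(name)
    if not m:
        raise ValueError(f"not a sandbox dump name: {name!r}")
    pid, seq, start, end = m.groups()
    return int(pid), int(seq), int(start, 16), int(end, 16)


def check_dump_sizes(dumps) -> List[Tuple[str, int, int, bool]]:
    """Compare end - start from the dump name with the reported Filesize."""
    results = []
    for name, reported in dumps:
        _, _, start, end = parse_dump_name(name)
        computed, expected = end - start, parse_size(reported)
        results.append((name, computed, expected, computed == expected))
    return results


def shared_regions(dumps) -> Set[Tuple[int, int]]:
    """Address ranges dumped from more than one PID: the same range in two
    processes hints that the same image is mapped in both."""
    pids_by_region = defaultdict(set)
    for name, _ in dumps:
        pid, _, start, end = parse_dump_name(name)
        pids_by_region[(start, end)].add(pid)
    return {r for r, pids in pids_by_region.items() if len(pids) > 1}


if __name__ == "__main__":
    for path, rec in triage(DOWNLOADS).items():
        print(f"{rec['kind']:22} x{rec['versions']:<2} {rec['size']:>7}B  {path}")
    for name, computed, expected, ok in check_dump_sizes(MEMORY_DUMPS):
        print(("OK       " if ok else "MISMATCH ") + f"{computed:>7} vs {expected:>7}  {name}")
    print("regions shared across PIDs:",
          [f"0x{s:X}-0x{e:X}" for s, e in sorted(shared_regions(MEMORY_DUMPS))])
```

    The size check is a cheap consistency test on any sandbox export before its numbers are quoted in a write-up: 0x42E000 - 0x400000 is 0x2E000, exactly 184 KB, and the 60 KB and 4 KB regions work out the same way. When a report's reported Filesize and address range disagree, the dump name is the one to trust, since it is generated from the actual VirtualQuery range at dump time.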