Analysis
-
max time kernel
118s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-05-2024 23:01
General
-
Target
6c8cee1dbfe42635b1eedc7272e7ef74_JaffaCakes118.html
-
Size
128KB
-
MD5
6c8cee1dbfe42635b1eedc7272e7ef74
-
SHA1
d6e08f7b845523592bc0b188e20ab977728d42fa
-
SHA256
1fb57f3dd9f3c2d6cf4c11bff38eb854fb465e37665b8abef2a84ede1f5d1e3f
-
SHA512
5a9700c08a643babee8ec5db3bbdcd9190c23d7240bdac373fef4599a8e7a6ddaa281a3b60b08a87e788e15b8923ace864124f696b59bbbccee2b48a117ea817
-
SSDEEP
1536:S1v6AzlCyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:ShzlCyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6c8cee1dbfe42635b1eedc7272e7ef74_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275464 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5101c5a977cf30d99aec999ff578e2139
SHA15a6c7b01d8cce7aeb36e1559eef290620ee9ce3a
SHA2562c4582eed59dde2ef68101ff50e4d0140ef06fcdad06a27fb4b33b8529ba1788
SHA5125055421fe97618ef9adb6e42faab547bc4371abc6c943b22af963391b611607d82b602c4a6c0536e779e6a0a0fa394aa7c299e220fe042284d23841e4f861dd9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD517a6301a7f1a3213d06828b8bfc3ba84
SHA1efa61f5d5f7f1d42e88086cb91804e2b4faf46f6
SHA25610b240009f36fe45c929eccf69317f1f60ab20bcdf23fc8acf23b967450f1a52
SHA512e21de41b781d9b584b72d403feb3767ae3e2dc8226debd0d758f91bd754f77e572ae93d0f089059b70026d96784fff03ae389be375a4b7b0c18a377b846e991a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b14afdcb22b7a8b56822a05e5c037c33
SHA1fcd538385586a339a497d27a5da6be712805ee29
SHA256d86f6cdd378eff51b632e43810b2961d55d1635a953cc7dc10de6985846f5020
SHA512104766954b7eb79aa689f98b6a9d83d710a2659ab1579e1ab3d9a163b4db6ce1471a7f54f9f10756ece58a77267e9686c14e6e375df5b63165c8da154a0716d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5bbb095ca9d4299472e3e5b84627de5e9
SHA1f3839b89682750ef86e332e88e4947252e9c7cbb
SHA25668ffbf61f0e98be0321e2d58ff25808e6de94daa20ab7849ab542f97bf4b92d9
SHA512d3cda2ee28e191b5ae5552034caeda434c3ac6976a22e65c9b135a1fbd8c5329d650083ec54de11446918b735f0c116f1d5b35755c867f3b6e0a15fc007776c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c7b146f4a3b8b8623e8b41c6267a5b24
SHA17061531285516f8bfb3950d8031d7209f96dabfa
SHA2565250c48a659dd0e98c9485f7a82fe8e1cf6a05c7245df5946339556c34470d56
SHA512bfa19f5dbb0c6fc5b94198c3ec04369dce2bc226f3be8691caf68bd346bdfcc2de8b8f1ca38799da6e3815f03b676cc3cb24dc32cb10a9b41eca474fe06b2b19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a6e67daa80c2aebe5de5604339d0c0fa
SHA12d44965fe88ea65905957e5a7b3136aaef019d8b
SHA256acaf11b7a9ae9924bcdaa15ec482671f4de73cb592af581493432b9fed39f988
SHA512fbaffa9a017c90d075d11788a1eac29dd6d35ee5d18ba2dc6d555f798c7a7659ffd4dadf7b26491371e7f6a81e19dddae2b3180c2ed17d1b7aa5d673d31b224e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57b5898e1496e1839af08d343b66384be
SHA12cd670ba4837d28651016cbf322fdcfe4c38c405
SHA256648dad29c84e7d38ad722da839c5f326e5d3bb1288125bb5ac90199f141da999
SHA5120e4b1dd7bfa08543a60c6203a31c78cf8571ca31302eddf541471b8ad61dbc5a92891ab148dbae82f62ed4c351ca4138e36dec15d6937c1e14570e9f9b09429f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5196fa995fce46564671bf16be46f0db1
SHA15d99e61c2e0023dae4c520262474462067a7a569
SHA256b8bf6f3eb06bbb729a1a83b151c87856981416e00e11ba0ce07310375970f7b6
SHA512e3a866c2d841c7622bb3419659bb6ae4464c1efc984aab8b189b8c2e030c90e2a87bc2a4999726f158f94d143413e773f73072c42664869823b25d41e545aff7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD557f696e4d4c912ed53a3da72b4845538
SHA11ec41295fdb61a2e9bf2e44298c2e832fbf1f341
SHA256106216cfd812da450b113acfa9493b6c532c81d003f2869d1a9880b6e65d1250
SHA512529d92898ba10dcfbcb9a28bc4fbc2b33db78cb1ecfab13b2e3eed53e5b508a86aa82605133d182259c355a951769b09112048acfee1bfc7563796f2fcc05f17
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD598765e566c8ca2d91e89879814547cf2
SHA1022184a786d8cc2cee8954c869b79e0cddce971e
SHA25675b8a53dbe95f164093d5b58c143af857bd7e473bd59bbec512f02eb8459e276
SHA5122f15c81110317be43ce31c2dad0d1b8f7dd7e4ff87dd21081a4148dc32cd4b12a3301c061227bc7fc226fc63ed09195fd360ca31f51b35efa1a57db08036e453
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ba30264fb00c254979c1fd49bfb2b903
SHA186d41a63b182faf95e33115f8abc00af82e2d1af
SHA2561166518daf28654f76fd4a5e73edabc63740af290270485faf69c598032efc16
SHA5125abaff7feddb91ca24b1b4e7fdf5976d680ea5aec04e4a23a1344281dcf7304061d6b0b70ae2921d5dae883dfc1d221eda195f4f92453dc117c926dacfe71acd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f4ed21b9229dc662b6b30efc33180fbf
SHA1dd245e38dc2a0ab005da4cba5a87a95d5d44f67e
SHA256798618c69972d6c41be2c130bb8d94e4d926b088c6199a256e087c78254deb44
SHA51207b590623e2804e0f5af48cc36a74d1e28fad5b89351c42913fe8288c43827574798c3db70617647c364595f2c10f1254b0454c0c5debbc8f0727aa1ebb71a80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD55a59260b441006cb648ee29cf4a315eb
SHA145b9720f6e16ccaa9171f145dc40c991c31111d8
SHA256a3968d5b494b91f5d3b7e3efb7340493a514495c6446b489c3e840808cfa47ed
SHA5127098f9533ab343f1b613210ded991fbd38b62fa2502e1d8118a3fdc10036ed55f580d1d50d7c242939c1542a6ef8b46803763de756901087809c0c5fd517d994
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d361539eee1c38ebdae4b5c8b56875b8
SHA19c7de17c915f98c1f5768d1caffa7b7a4aebcf20
SHA256228b132f29ffb953f178c0ce5679f357ca52f53f23914f3267c48041f9e860a1
SHA5127a68616d7c675844c69df4cf200180c4fdd8b5998f5fcb76fbbf08f8ddabef472512c7c127ab3631ec98477b0a6110caffdb2bca3cf28db8d75fcb8437344e1a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD52aedf91da281f026979054b3f4e3ec56
SHA1d61964bd6dde780f2fb900ba5140407741beb64e
SHA256d13fa077ae83a21a4756cf128f9720ac9c44304e6ba1d93bb46255a5f337e113
SHA51244991a8b4162a404afb6fae83dac40bc7e8669ff2dc80586f9758282e21a82c90430c26bad1a44334cc67ea49a1964f6f401f029efc897b02ff91e9e74822aad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD579d7f4f0b4fd3f3ac6aa80c2413fa42b
SHA16b4a787ca4533c596bdbab4d22ed2b1f0439f0bb
SHA2568e187058dffbaae43ceca1814e6ed58ce4a29d71ecc37de6b5fb7ef77bca50bc
SHA512b18b527424951c1de51f666a22989a26951edd44766230e92688f2e612fa073220e181ec918bb9c8119e6d8972a99ccd237092c155ff9fc949967b271dc2fc7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD514de4cb4d00ad99f53702137a8783602
SHA18f6911578c47ffff1e6b787ed0f32ca864033b4e
SHA256da96faa78ce78f633ea03ba1ca484efba2c1981b1f13de34e9b338d9c2af8e4c
SHA512ab7ab39d5a1d4544e7d7f07eab905856a269d37859cc44565368c6058f1f10e6cb78f09145e30fab54dff10855958beed5e1efb8e910cab68d61e8b1063ca7e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f108045103cbc0ec4f07713356226d45
SHA18eedd16758545df6f1743ba48a5850970872ac4c
SHA2568ea12114ac3dcdb876929a0490d8e5f38f8aeaae2827f9b648684996a7f0beb6
SHA512bf1f6eed9f1949a6aec30eef79dd03a4c94ea6b81b253dd12595a76ebc5ab94517ece36bc595d5627f1161ce03f2fbb15539e4177038a298780ee8ce8668078f
-
C:\Users\Admin\AppData\Local\Temp\Cab3298.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\Tar33D7.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
memory/2728-18-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2728-17-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2728-16-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2888-9-0x00000000003B0000-0x00000000003BF000-memory.dmpFilesize
60KB
-
memory/2888-8-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB