Analysis
-
max time kernel
132s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
23-05-2024 01:12
General
-
Target
69401ed26c9645516e2691280031cc54_JaffaCakes118.dll
-
Size
136KB
-
MD5
69401ed26c9645516e2691280031cc54
-
SHA1
2f7dc89ebffae26f56ade813015a78d88ce1c182
-
SHA256
aedd8452f7cf6f7474ab538dd2529e4df534bde9b8c0f09b125729b16903c59f
-
SHA512
a2446fc20b2091c43e90c4ce018d0bbe1cb91881dca123433e4e65e4bcf567969a20bf2d4b0288cca551c9b885cb747d642098c63e329fd3e71eb93fee34360c
-
SSDEEP
3072:zGs3At+HPl1zOOwsl17l+xYYydFIYQ60FB04JS:zPZvl1KOn8xryrwB04U
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Program Files directory 3 IoCs
-
Program crash 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\69401ed26c9645516e2691280031cc54_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\69401ed26c9645516e2691280031cc54_JaffaCakes118.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:26⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 2483⤵
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD51cd7ada8bd8ae781cf9d062a5e979b0f
SHA16e02877644385f6c72cbe5be8dce89ea807ceb1f
SHA256321e7864848599f70d3ba2a2a5103ab245c960cb681858237134d117fadbd40f
SHA5122f6fe4cb4005bef14f0b51d8d24a00d25edb0aaf6719afbf2e17878ed33027e3a1c166bb4810bca992c509928454e5a0319ac5f224a150c12ca51ffde129ed60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD589f7c25359f9bf1acac3a1a7a280b87e
SHA16c80395ddb5ef62aa50155c112167dc2b68904a8
SHA2567bbdb2bf464c4d77f8b2580dbb47b6d630ae1b083cd0e09fd93b8b6b59f05e26
SHA512d0382b25e7b0f2c0380da0bc382e13428d82ab1d4c81883d9fa84117f1da965b4ba23a69f1618cf588d2be8dc90f858c6584be4e41e0da200aeb46f325ca4b58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5838d2bee9596f58c15ce9609a583317d
SHA192491e9827ec73e1f6bad9248b418de8c6b177a0
SHA25691c6fbe1ae7b8417cd1601680e1f5af53173a5086675e328aa0a46707f142461
SHA512c3e0b04a7e1cff68fe9e93d117350c03c35334f2304b97af6b5d0f56192ed9526d25d4297c6016d9ad7509907ed3c4c31592a4cbee4d26f4583e12707546435e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5681a374dcbe6b07b440c0e3f5763a01f
SHA199f62c83bcf09efaba058869b46ee753b5780662
SHA25661d538c19b54847a54fc554a863e804578ffd90197394aad0465076ee7ec580f
SHA5125da0b7e970a77117d963ad4c0538e9ff804c80385766ee60ade347bf08d62967714c950fe4ab544d4fc6a8d54ba31d130f71bf888854aa724bd391d7675fb8ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD575f4afc444dad2ab54388a7b9505aa1a
SHA1864342b1b0abee6cafd64c5e87a3c80476bc4f72
SHA256b1cfeda47b7640b02af589b7630abd03596ff9db137815e9010cad04b9a8e650
SHA51291c03775f9116b39078d05029cf62a279908916f5894f05249c88a77ca3e2ccdf4bc1729ad9bc86172ed5924c164b504d992b7601cb46fc1a4c17019290102a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cc304412cae315edb895b315b409ec94
SHA1ae27fb376f4f0668279a7dea2125d239ce9c096a
SHA256a32f1c717341811fbc2ec911b2053e4ff026ac82941a886f094c3e749a6b2393
SHA512ff05db6824ab568ea13fa2bdefca9b480dce8c9b2a8dac7763293e65f5d45c4bd070653a587a51f984564e000315b4cbbe67f2ffcacb4eaca30aa6ec4111b900
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD56a46e1e5b92a13d1e75e53f542d512e2
SHA169c433ed0fff45b7412980e9000a33c3beb00828
SHA25600b33e3cd3e080837b29f0366136a87304fa87088b11f06ab14fd2cf16eea02e
SHA51296d161e6014c6ac0322ce88128290ab396513531fcf0158cdee65d597aad0fd33a90e778c4412ea03ad9a0581f356e0b6ccea35c86c54d4a594facae9428a450
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58b97a81a72c34c2d361a0116a1352db4
SHA1c323d4971f816353fe7e4828d3cfe0876a532fee
SHA25604364704f10ba703d85c38220b3a1bd96d6740ab5edd84a3127eef081d5f2653
SHA5120345836bed0ec84a3724f5f3be1f0bb505e8377c259b6f13be7dcabf05ba070ed3de1dae0724dfff343ada21ab4eccc3e43aa5ed9d8ed14af29f147b057f05c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58b166af2354784e2f4e18112233f3882
SHA12b72d112176d41c4cff2662f4ebb320bc6928119
SHA2561ee9291b3be3576c7e37805a38c761003f68781cfef5a90ccab2b573905e7527
SHA512842e6bdc3796bcc803a5516624fea348fd147172c7a6088f0e51647e2ddcdef2c655fbb34d8f356d4e8b5dadd815d07e1d2e12af29d571a9f62a2441032f031f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57334f34b0af27fd9b314960fe5a1413c
SHA15a2ba4a6ae32405ffb59c47db5d4b4e0d895b235
SHA2563da0038f230f5a2029d85a0cdae0c169d9f9a57169a8dbc7e30eb005d3cc8c5a
SHA512c73873f9c872f04696a77db3c02629c2e28841e2191789f5fe3d6ec2dd295fee76ce58ef23d494157a7d5e3f3b3d23445e5d8c50b2bd9df98a9da1892f66eadf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD598aa36ff85f95ab69100b78920d0dd46
SHA18ce1c9c3ee1fd44685885e8a0d8fe0edb37ba927
SHA256ad0005ec69f9d41f617fb463fe64db4454dd2441f0e8c5dbf0b9c77388a98999
SHA51209d100112e5983a7e3014fc19eebecd58456fd0f3bb7afdfc0ee09888d65560a99966386fcd2bf64026b19464aab7c2dd17e4d8443aa8e0ba26dcd5257d6ca4d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58fa0b564c2ff72078aff3b43ba10a31e
SHA1d80e83ee3e0b893caf091150d03dffcef91beb33
SHA256377cd776e6da532b38b3bc978170800247d1ef7d5ddad4578c122b041fd12ba9
SHA512d1d3ceaa05f00464b8e3066651671014e51dad5a0af37b6ac085d18033208f2e58ccf1652660a71cc82c8aa26a379271a555d45a66aadaccd626c723f675465b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f802f9258fe2c3b592bcc1b3c68fb050
SHA13c4083430f70917b3c3835709d2a800f0ff8a324
SHA25650db715c8577c490ad15e52041493bc20877f5a3e57d237218cf1d1194e26556
SHA512ad7429cb4415efd5f7cbdd2b90169ccee87f27a3489644597f0766096e3bf98e78fd120b1f5dfa1715bc00be5e42b0a2689703c072437a4cf0abd5defe237abe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD576f4a90a6be0001e74b90fe7451294cc
SHA1a2ed276adc6a582ccb73034ed6214b379426165e
SHA2564d336e55281ab904f5afdc455b95ff1318082174a6587251ec0d7d931bf25654
SHA512050f8fd95167ed23ecb392ce06807968be97f24e0a8ba00419f5571835fd5ade35174e3a12e91028b2dda5bade4c21a5a50dfee31208241385ca55a4d1ff068b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD558eae08fe07bad5b6605df76bef1c312
SHA15d4165652997c40ff58ce192fc46745f8ab9f597
SHA25639b6027bfd18c44608579986341d7494dcb5901577500161fb1cc1509c09cee6
SHA512b79e74f2d3eb99c39033fd352284225c6447cad001cd638b4c318d40a897601e6c45e3f4d83a1df5b53f2ed8e378a7f30d3823784774a91c97fae79be5909494
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c65abccb17db2e44845b39f824c05ca8
SHA1780ea36610fc4eb26116c3ec255a75d37335b4f8
SHA2568e48d18adb02cca92c5112d7c4e27ae6d18f441ac9bc3fbe9c45602f463e9f59
SHA51254c00ffc2dca27a05e520260c160bc97272a6cf11b77c5909e656dcd209aee332eeb8bccfc3ee432abeedac5354f9027494817012e458d9ef3097bdf81f319e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b4b9d5bf9b439f14dc65a2b812274eb3
SHA1087f6b7f1bd2ae7eefd5bb4ee1d6e00dd7883eeb
SHA256e59032aa6e399cfc24ae180dc48b2d6ca5553c7ac714a67dc1e46a57053f9df1
SHA512a2a93753e4fc96f93bb2224c5af2ae0f404548931923f66917483c8fab5ed8fda6edfeec6e256c13e56c40203b4cf3ec0ae952528ed8fa9a00cc07741dce388d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b1e5d35cc80ced7bad5c8421d3e61f6d
SHA153f87b10963114e27d4788ba0ccc4798e44dc9bb
SHA256f9f8d467d7789a7325f83a0c97d81e6748b64417c72c8709199f013b0d66e747
SHA512c3b6e4d285271d4f5dc3b9d70263a9f1eafe01e93485c0a38540da13ecb57788a6e3543b11cc788e3c312fb7595dda22a66dc10da6820df97fff22a6266b6e6d
-
C:\Users\Admin\AppData\Local\Temp\Cab1E7C.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\Tar1F5D.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
\Windows\SysWOW64\rundll32Srv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
memory/1992-0-0x0000000010000000-0x0000000010024000-memory.dmpFilesize
144KB
-
memory/1992-495-0x0000000010000000-0x0000000010024000-memory.dmpFilesize
144KB
-
memory/1992-3-0x0000000000220000-0x000000000024E000-memory.dmpFilesize
184KB
-
memory/2240-9-0x00000000001C0000-0x00000000001CF000-memory.dmpFilesize
60KB
-
memory/2240-8-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2976-19-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2976-18-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2976-17-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB