Analysis
-
max time kernel
130s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
23-05-2024 05:05
General
-
Target
69d380a4c72f6988a3d197dd73baff19_JaffaCakes118.html
-
Size
158KB
-
MD5
69d380a4c72f6988a3d197dd73baff19
-
SHA1
0490b51038f21f4483211f3c03f1a3ef2a2acf7a
-
SHA256
52c13d0a65d08bf3442a15743f9248c27ecfbe17f7e9d82d0619339e0bf21d71
-
SHA512
1832b85ddd555228a14e68c9959d73d84f9288768e18d1affac2584197abd6b89c87bff2bc528a2142ee662735a1e6548e32b997230101c56cef2e1fefc81b70
-
SSDEEP
1536:i6RTWb/OxsxoKyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:i4jpKyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69d380a4c72f6988a3d197dd73baff19_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:406544 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5bdd3dbd178bd7d04cc55d55a892ab09d
SHA119ba840d7bddbe77af4e27b9391bbe70b8017f3b
SHA256031a09f021e3d452dd02400f515006e9c2d1bc2c484febb77d8cdc2dfbbb8caf
SHA5120cb35375ebe316ed193fb0d67a5c5187c6e8a2e98067971c47d26bc10c9ce9e61795769155792290d2b61a44551cf488a75b5f94af7f9a36079c1af9f8b694a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD56bc0c05107eff413e3efaa979f8ae472
SHA16d1dc24f5bc8d6a18f1edf38d894d3c97783ce72
SHA256361a2bf057cefc0afdaaa481927d0e6096d2a1279ce01910a71f7f977dab149b
SHA5128de705dd0fd93112aec6eda227d43df1a166e4aa695ea3bdaf76a74b7ac148cfaf97d8ace6747e547b9ff3ee934a586b8ff6cb95b52f30f00da609bf7fef59d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59c90811946c7c6fea59005ad31dfdd7e
SHA14c08efc493064a0863f0aadf4e958a0efb867865
SHA256a62ca3266ec25fb094d1e1933073021f7f0e9177c090d942c1e8bebe7c3444f2
SHA512373696f9907d298a6ad2539e18000617cb30338d57dff3ef1b3251ac6de4b86d26f4c125809877b54beb21bebcdaced941e759627aa28af056154c6fca22b2fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD551ea82f9613065e3e089f76b20d989b2
SHA1775bfb4169104f397ce72320705ac3671efd2cf0
SHA256b746a136d49869f424c30c8c1be06e1a984fd8a1d66bdb4e2f042f0e4b853c5c
SHA512c373978dce8758dabdc018c6bf98757cabb41bc4bd6453bbae4a8a4bef9b7e0b3362764645b2b3595b3419974efda9ea8f3eff7860bafb4190b8407c9f8e8490
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57552d4fa21b555606894e383cd214b8d
SHA11528f69ea83b242650f3461e6ded6e0aead2d22c
SHA256bdd57b488dc0708a76938eaa23f54ca5ee5d76e4c74609bdb3182b9776319f75
SHA512f422ada2b69e13d0b2f754c1f153361ae340975b4682f76ef486f1d20ff7d45a5b372e63e6c01949cdc0f1da86e7fcc4a447078ef390b8d9deb2fd9818177992
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c99a8f8451480c834f0a737a8b4e66bf
SHA13f544d0554f5d8c9b198a8e83b6ac94cef08c341
SHA2569e0ab742fbb228e5f552a7529f9b15f4cf9f38665efede014ee8ca8e1696a165
SHA512e673f5d33f6d84e9d4978f38b1199d4a10f1c3b6da30e1cfb83aad6bbe25d373e8d5ffd5b4c7406754a6a057f1cdfbe4e62a8516ca28725e7fdafb7c2bcaefb2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5dff7d13b9363b3b3900ca5ec850ed67c
SHA1b9edcf14711914c6c72e474c5557dac4104ba84f
SHA256d4e630ad91492896f55c385a67f1a3f4f16310e98de4bc1c091b178287667104
SHA51229ab1f39f2d155d22ea854c0a1130db07dbd9a485f48949ce21baad3019b9b3aecbbb0c81f998c765f3684eb3d1a0880fb14798f5b3da3edc6d8b3a94655e9c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD51f957154b05f1793171b739aeafe209e
SHA175acdc48fc5def6b6d4ef6030ac0b11cb99481ef
SHA256c996da9c3943b4a4f5c5abbb04c4a332a6e3fbdecef87c2aab5b6e143cb9fc4f
SHA5128b99c25e4a5978e4e775c43556450f913d04450a478fd63014c78d8557a4b925724fdd6b3baaf6a45c69c1ca7e667b91d41a13dcac73f19d98323dd1af7e6be8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD533b7b774c1de892399df679b378a3a36
SHA1f985b72381b8ed655607463fe4d5b643aad6d138
SHA256e686ee482c2deac6364a377388682d8400ef5dc5dcd6bd959199b749dcbd658c
SHA512353a8855f6fb4e23d96a9410d12a564b60c1f258dc64208c4e916aa143b8de3ed4c8b9c2a6c583def8f9201e4e57eff7cd8cb3da17eaa23676c1e6598d678d73
-
C:\Users\Admin\AppData\Local\Temp\Cab10C5.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\Tar11F4.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
memory/836-484-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/836-487-0x0000000000240000-0x000000000026E000-memory.dmpFilesize
184KB
-
memory/836-483-0x0000000000230000-0x000000000023F000-memory.dmpFilesize
60KB
-
memory/836-480-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/920-496-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/920-494-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/920-493-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/920-491-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB