Analysis
-
max time kernel
136s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24/05/2024, 02:24
General
-
Target
6d0df0429edfb1bbef0aabc9957800a9_JaffaCakes118.html
-
Size
188KB
-
MD5
6d0df0429edfb1bbef0aabc9957800a9
-
SHA1
795eb0dc19db81d2fbf94a0b9a66f3bb8da628a3
-
SHA256
98b93cd36b377397cd53276cf11c0bb6c2d53b28ec9464dd9c1dd8aee3572d5c
-
SHA512
5ea68817ab9779d97d7cc0698a5bc3f6629028a11803ee4f0ae875e10042c7b8cb75bc86b31a033e41cbdd5c55dcab615f8d5265e00c635425b5b303bb516e12
-
SSDEEP
3072:sakyfkMY+BES09JXAnyrZalI+YB56QGt0+aF:sapsMYod+X3oI+YB56ft4
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d0df0429edfb1bbef0aabc9957800a9_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:620 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD5b780120bec3ddc156acb4e0a9c9f4d57
SHA13ca98793cedcea434fddd905a1a5ce3da3dc1385
SHA2561064819ff13c597f1811d2bd794d6deb0684f2ebaf3482d15c1c8a7edbb92ae2
SHA51273023df28de8b80c35aa6f50525e6b5139630c6367b4532a67c0479c170e83e1786884dc2815266ab18899030dbaf6a6106576b96856e2451a125dc49a463879
-
Filesize
344B
MD52a76c4166f091e2795b679f3f8de38de
SHA1a447910e2c8173629f7c75740d2c842f302f2b8a
SHA2564f07776a024a4fcbe4b878b31e3a0f46bcf8c672d3ac6e9eb2e9d6faf958bd7f
SHA51209de82fbf5c6aca5687d5c5307fe11c0f44db9ef6c9308ca5048fdab12a3f8afcade35601f646dfd4be1f345f7f470c31590ce14db1ee003111b79b2c987a830
-
Filesize
344B
MD597bb63a5f0028fae54aa7ffc4fb904ac
SHA129f0392ba1ffefbc0f67c0a906116ea47d946c85
SHA2560742b4f10e6eb2f8a12017051db42c998d84896e72d37bd39497d9a12af8402f
SHA512abb1abd749f57a6912dacb08e1add6c9cc7c5c7da87a9d3ad8779005db436424b76c4fbf190da45882e381a3dd3f818bc72e4badefc7c70b26e1eb5f12aefc48
-
Filesize
344B
MD574f31efed1efef68c26ed5a000fe9c06
SHA1dc06e5829cca0ba01eea52018f7d6b530e32858a
SHA256b1841f062d70d9723f842167de091f0d776bc78e601dc5888c9a12388fa3a61c
SHA5125de30fff97b1b6b6461ad300b45929d44002ff27bee3ee0dbe3da2e053771816fa8d0b1caec02a8d600047babcab8c99cfc43eb928aed12872e84126bac8cf26
-
Filesize
344B
MD5c5a03605d9deeb0dd2f64469bba1990a
SHA1a7cd4743e16e36dd2cbb05e25317e7b90eff15fb
SHA256d48b565a8b1009a140f60408e1cba263ef8f0b688a80f74a969deb0966cc405b
SHA5129777557d2e3d6c3fc048456bf877f1bfdfc9773e3ca14d0342bca55f173d0c6ff6912b3c5d9196158488f9f72bfbdf01ff3f8fe90d0d984e55e21273e6781192
-
Filesize
344B
MD5568446f065fed66e780cbc61e1273780
SHA1e4bcae7b633cf815379875aa16ffd751bd30fccd
SHA256ab74c8d6ca8c87287dca1912b1daa5a4c547e35a7687895d3a74a6b9de042b2b
SHA5125338ffcafec5052a2e0c27839d1c7ec261c95152c79bb2dec35b5914893ab32418b84d62b456133643c86b4626d9570d78e11bf8dd12a871cdad2e0015a419fe
-
Filesize
344B
MD51f1e37aea6cff9776447df7f5759cd6b
SHA1af4ad52eb7b093284fbcacf8bbde053867d7074e
SHA2569887603fe4b9a3efe4a276ac37dd8ca2dd912d24b29f323a78ad78258a8afda9
SHA5123bff8918206530ad7c3d4b8c3f9143ceae491de3aeee3b0e1c8a55d3bc65e3089ffe5cef58c7ae4465b3dfdc743a3841f616fa9020411e4e1aa06635ee4e2e2c
-
Filesize
344B
MD53d90595aabd42380d2ab3dd583ab7475
SHA198a9587480313254bafc932aa56bc5c24348fa2e
SHA2561f1895f44287c2da9497b47fe0ab5f02ebf950aed12266e6a4aeb538b906be7f
SHA512f5fe33655978c329dcb3dc357f4aa72400759b3aac7e5462a1e4d891805909db098b90325f888a2268fb12c7e52f03be4e3bfad74137826d975e1c10e8343203
-
Filesize
344B
MD5f376d2eedb735e410e0d9915dcbc3f0e
SHA1c8edefcd339abcc11d6878427eae924090f7339d
SHA256859ed04a21b93f759ea7b9be5a0d11db3472a8a3815b9b5d3eb62b5dfbc965ba
SHA5127a061f00676d5abc84df9f82e1598fa614a6bf097de0010606c0dabd17f9870a641aa694cf9f7cf219f9d71466b611b636b09fbfec941864352f72016ac6efd4
-
Filesize
344B
MD58f5c0c8b7bac561d1e1ca572aee6e38c
SHA106ac230878a8d036958b6cb7cd2ab537590744ee
SHA2564a90896f87c4716f3498f57430eb7d8df4695d7d33d104af1c3b25958e600964
SHA51227d193481799670462740a67f7096985bef5202056c383f3943882ce48152c9020ac15d6d793344bffc6700b253bf5ef25e0c05c2c3b4c01bd1c57539ee4182e
-
Filesize
344B
MD53cfb65855e52ff9b30def51fed719797
SHA115571433848b8315bcaf9e93ae6f2f7893111cd3
SHA25619e2bcceb523af01cb04479d09ec9933e1ab0d3be6e0b7bd7a7a057f66b1fadf
SHA51231f74da26c95176f7526b638ca2e9e352fb10c87ca91faaa1d24e092296b53c361eac958ad1595df092b77d614f4259da52de9565a3f884cf992821721cbd674
-
Filesize
344B
MD5f749f35aa63452b4d511ba9af7dc4f54
SHA189515b636898f682a7415eb40d193192451a268f
SHA256f53061ccd3bcc3ab9ad00a0266da20ff09b5c1c0e9841d582e6aa31795c598ed
SHA5129e635292cfeda8370468d6d91d73449e13e7aa8864d7c25e08bda86dff08f2f0c398c7245efd246b6c0f6a0cf51f7b961f1eaaeeab37da357bb525981a468464
-
Filesize
344B
MD527998d339af658af55f9a2b6efb031d5
SHA17a61b5b60bbbf1433481143ab52952d78068aa2a
SHA25632cbcc85cdbf7cb9030479f95c07689aa5f366af8f84c9abfd964ee944635a82
SHA512d111a380c1ce79b62e3d6bf92f61aad725f3c7231f371ea688aa0b9f8ae96cce9b19bb3417e400856e97ea0a6647f8926b28433d3941432e9c75b6a7c3287b00
-
Filesize
344B
MD5031270f6ee243e9ad7f0122a9f1f80d0
SHA1321efbbef1bfb468c93600b1f485a578a1ca99fd
SHA25600cb43e3d19a2f7adcc80cd701b1966f9300540a0f23398ea04454ae4d56c737
SHA51238402422df8dace4843379e82424328c0ea942cae3d6b3388ec6961878a2a56db0f258b05f6ff9cd802356da80fead184b78d87b455803b97d188ba7faa29168
-
Filesize
344B
MD5362e52aa5cc16c6986f2dd99a49419bb
SHA192c261c72bdfba7cc7823acb5c9ad8b01f1cd030
SHA256bb3e9f44efbed25e22a3cee088b3ded9f529da3167a0c2a20a76263edcfb2bc6
SHA51214a69b0fd219fbfcdd02c4a8999ad0ac1fa79f9237a24928eb3ef078e9b1c57ae99163a76928bdf63e1c61d7b5f89ad6c68c0980a93ddadc3bc0c0b414ef54f4
-
Filesize
344B
MD52e7bd2a2c663d24da44a461c8a82d399
SHA111df4ece8cb82b9266069cf1c3726cd0f0fa86b1
SHA256d5af9da6b8ba67eb3e8df662c2c63df5bcbdc1dfdcb7a37616be4ef777b94c4d
SHA5121700394db14ac43878ef29bb36f6e0dd01a3ab6ba6a8618cb4ea06d144c6bb77234eda65b01714f3299553545fbe022a6b758f57c6a17a2f08a969ea938dc495
-
Filesize
344B
MD5afe3cf01a07f23461279280579eb30c0
SHA1b918b0f02d31429381905a5ad83d37ea5f4bf491
SHA256f202705573b3a5d7fc618f8a7d5956dbb4c325158ec21912007be771d6ee3568
SHA512124749c069609466cdeac2314a2053e8788ecd74b1f7b4ee61b9f60fa3e0ec2f1dc4790097150918c9ae1f5a32a1be28f46abdaf3704190914ec0241d02222fa
-
Filesize
344B
MD5382ab35286c84bb1cf6dbcc4e458f2cb
SHA1a1fa8a314192347339260823d083d6461c0318d0
SHA25668231890d220faf5052f9565c596974c86587f26dab8afc8a9300ea48f9e626e
SHA5124cc7b23fe4b5901b1f8f15d7d45da925d64f9706682632911af75b6f88ecf8b92085172b0428fb1ea1540a813a06152750114cbaa757a8dc5ee42f22d440421a
-
Filesize
344B
MD5beafb3d151530a6a748f53ca55e9f126
SHA196efbe29a733c59979dae22946cf23031073b143
SHA256096ff19f2cb1ac0f7bb5bd7a9781dea57c3960dd27bf232c931ae5ebd7619c4d
SHA5121af7d74ab4d10fc98b80b7935daf4904a02a52768ea9205d49dd3c682ec7bb5a0446a6d2f3e47a99abd5f1233d75b154da285c638f4db54e1c5ba4f796be9f0c
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5028dc27000c649d12145d00fb7597ec6
SHA1606d548b2027db3d17803c597c82c51a1c9203a5
SHA256487b577aca57da4a649272158d83ae5d1f51a8b043e5e8ab43443eebbbbbf373
SHA512de9b9ff1832b3d6fc1402db85b9fdc0d33f10149bff8c34cc5c59a0ca5c6cccc42b26f3fca2504a960628a458ba1ce7cb0081047e2c586ac1d99e3d8c7d17194
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
216KB
-
Filesize
60KB
-
Filesize
216KB