Analysis
-
max time kernel
119s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
26-05-2024 07:19
General
-
Target
74b87361268c729ac276c6adba5f93eb_JaffaCakes118.html
-
Size
116KB
-
MD5
74b87361268c729ac276c6adba5f93eb
-
SHA1
88a64609f0ff6c61003e539c3fc25c683e7d3b93
-
SHA256
9aa4af553414207e6ced579015d16acc30168046e25eacd8207cd55726628a66
-
SHA512
d4ff910776e0b2600e9f02606a896e64aa9974d89d3b7514d161454f226018d4ac7639cd63a71a8f185b0e9d2c30a10e8bc6a745c5a15bed0fe8e45c5719c021
-
SSDEEP
1536:S9yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsQy:S9yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\74b87361268c729ac276c6adba5f93eb_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:472070 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5941942f3e5eb8ed1ba9e35d981c09e18
SHA13c266f7177e4f7f626d91aa70012ad4775b4ea07
SHA2561f8d0b8a570af802475d468d686b5315c7c32d25891408f254bf5e8f394732f7
SHA51288f702561eeec168a8f91e7e01e80f7989deb1a0e19954da3f77596d496171345fa8b8765977f7b5bbc7c05f3bf8f4dafcda845483b4430c7bb624af26bd3ee1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a0a11313e42532ae142edcf0329c91c0
SHA14713c9dec08593bc0924b377bf6b030e565ab44f
SHA256f45c69900c998f7d56d24dc8471f1412eaa71556499427c3f41942426be16d53
SHA512efc0ff3a00dfce3d54db902982549d8c9c6d35b847394dd0b8b08c4a28383a296ae68a6b42f9fbe100db39a1bcdea53436e4ceb4f22ac2bcd24f650a4e5ddaa9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f649a5733bd53cf0ed48c71fbd57ff6c
SHA1a424d34ac5822bfb4b728b0321014d08e3cf6b22
SHA25678e7c2e18398be5cfff44e53fdf4cacc276208ac28417531c1d27ff43b320ba9
SHA5124a4648f474fa48a990a97952d9bb1eaa2057b089bab1424ac18257160b5279fd1e99974e2ae8e76ae1e1035f65f76c9605c7e8abfd97872755cd85c24d9420fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD517fc492132e5969a8701c469941f36e2
SHA1172a1cd233c7ff05e22d9a5989b7987b27c659eb
SHA2569868d5fd1bb6783ece749d80af751b5b309c043e0b2826d84892494a4a71c7da
SHA5127ff48809d5c9fb24a4bfbb10a99fa73c238440a17675bdf769ffaf3213130bd225c7842bf48a1a4cd227d9d89203cf5c9979ed0d0d016461f1fd2de93b2bf241
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5029e710ab37b29d151d6ab44b72220b8
SHA102199481ff4c636854416c0d30a94b7bc692ff6a
SHA2563d663a75b7aef1a362c56bb64114958272ecf56b436be10dd865673da9ff0659
SHA5124d89606d447a53ec558444d970f5e55ed9a48c0c00dbd3d9e3b3f79b79253c40ea0b308b850d78b824af0af243a89bdf3eb7f28c79cf15ee19a7692c80f1f40a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c84349f8431b0339b5664e2b262c449c
SHA132125838aa90019dc54ccbf8b8ba2d664b3c08b1
SHA25611f367a74ac42caf10855437a2b32764fe182b06f43ba07166ce7f0a8fb543e7
SHA5124c3be58e0dc3d85a952919171c94e1d60baae0a1656607a306a467749688ac06b40c7dd43faf6b78bcbf07cf652ea6d5af49b42cfb6187fe972b27b00ac25616
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD52f1cae93478eef1f88007926ecf02e2a
SHA1b1c13285f26a6ed93889c01ebbdb22e319d3bc46
SHA2561ce1784354455e68ba9231655f191112a624c7ae02e9158ab0e18e0edf55b8b0
SHA5126769b3df7f8a43710f82466929ea5c9f3f21c3b3a205fec5aa6ee8a164b8267bd3d5ff89efdd0e5ee68cba2a32665ae88c14daab1d728004bbf32799efd1fffc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ace0d0aa8e4f3a4b7d750861213726ef
SHA1718ec77e75debfa1a701d98cfb2d9b88659f8266
SHA2561e8f321b4e6c73465fe92b9065377ee66b0612f82ba7b69616c494af6eee6dd4
SHA5122953220b0ebb6774ebe666ac51ddaffdeb4b539d172ddb7e679f8556e7054ee06c70a3023db6b7d391e40f16692cf0a1de162376f856cd1077381e2d01aa51e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD537ab8c9be4ecaf458473607c012e669f
SHA15666db159a35d57ab5c6fbfaf4f3f9bee2ae50eb
SHA256a65321d066ac17bc414add772be870a320ce9ca87ac2ff8f1a83a08b7c27f682
SHA5128594683409a3a143c0b55766f0573a058adbdfa1cc2d534164f1a0a3844bc10587370b96668df7c5da791a092908b204592e0e66b4ce8baf77c71eaf26a668f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c6c74edacf04834adae59ea4c5b68caf
SHA1677cf800d4ece471019f07dd744f9fa9c7755250
SHA25635569e900cdc52531e306304c94a424b65446b72419b1d3f67c7d7d447a3d6e6
SHA512c3cf0ea5f99d3f5cdcd7c7db05e9ba8d99308476784fcea32932b20e857ec9d464df26f1d22f714ecd6d83d7019fb86120d7b40b9af4f70bec15b2b56ae6e666
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58085dbaf648245ff9e8f38d393912e31
SHA1fe862afd3f93343a57295a7f5508d2b1336df3d5
SHA256ae53af9a8d551d81b6895b50722f5048620b482b12d9ec4e5ca973a5a76341d1
SHA512ac559b128e35baa152d34633da70fa28ed158de9e4db7846ef802016719f73c485da568ad31ea402e10dc8f21eca9b45fcec4822543fe9f34fe56e8177f36665
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD50a95af5a8a5927db4d903f5d26cbbe24
SHA1872f3ac80c86a5f0cd1ad4114b7af5524ed41509
SHA256e74f14c2e5086e255b9b78b1395fbe784f42ee8b862c1e35fe1afc681f4c4053
SHA512e989bbec02d35d76cfadb5b794db49af970d1ce99a48131e997bef1a99813ad5b7e595640d8b58ecb76a66a7a8f87f8e1b8296af64d6f86e2b5708c4e90ac7d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD54cdc9fc59ea934fe189f4996e358a0ff
SHA1684aee0218138b4bc9b03e5ae9dc5396fdabe94b
SHA256d0cbf63aaaea724c73920090304c72b404206cbbf0fce4f646080d1527831375
SHA512c2fcb4aaf4f32002429aca987ecf0bce9fd3196148edede5d96e0acbe81a1c9febc1b5ef7a83ac8f18a72d1acdaf1445866521d4f5c3f0a89b60c268c01b5557
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59c551751d33ff5c6fbd7ee1548065c62
SHA190131316939d4c87b7e11cc21ca736a87767b40c
SHA2569d9509332e9fc8d55dd8bb8b3094390de8cb4a0cc3831c19746608b0d42e29d4
SHA5125e88ca5a46ed94bd1d736d737dcc88e4913d714d5fb456f3e9d426424056eb5aa219e59c27dac8b3897b68ba9ad60d76d04e939f8eb1c30e9f0ac7910ad4e460
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5127bb386ca7a2f463a99032bb02eda1e
SHA160f62f115eb393ef6c5dacc812105c6fe92fcdee
SHA2568241502b3c8cde61640e7ed5e1fc246c8e5b7cbeaea14d44df565fe5ca323c61
SHA5121cb29db6fb10927433db0c284e714c0c558f27cb118681ac4fef0b0b56321640b226f6d4a98695c633362f65e81db87440278c14612b25c5694ac18dfd988dac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d37e72537ad2c309f6a5c7066a554ac8
SHA199cde5c1d5a7466b2ecf8d042ea1fcc43a74f9ba
SHA256d3d75e14f985ce67b30476422c79207938417076d74756443e3ecb83405434f3
SHA5123ee1bd1de50293ead309c027ca28cce8a3b07e075804a0b5a5661456326f204f7d0fce0bca0afb23951da1c31ed8508012a9139c397e33d5ced46f7075e331e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD52c46bb0f893e856a1dbd85d8c1ca7d06
SHA166b5eea6b82c66f19772f9c44bf3e57f8b1908bb
SHA256015e1eb7eb321329df128adb6445a183be7b6e90edf124ad12d8015abddde32b
SHA51292bc64029063a53f82e6a190a613202ced18705ef7062754ecac93bf1652e3ad33b4ee638024cb6612b0a6d971b6863ee7f15d7673da0bb433942c053b2af489
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e7d8d15a751ba7d2d4ab714079e3e569
SHA1df2d06904e78dd2093228547ee8f00c3c7ec0abb
SHA2569bc0e3d2df9f5713310ed500a0549d442c9388c3a6634859c535aeccc3758f10
SHA512771e510a1a8de25535f00b1e8c9e5726891ed19718a9621583265675e61e3f1fdd464b40217f2d6a1f85beaa80f35142d136a91f951113c0fae39f4fcbfd96bc
-
C:\Users\Admin\AppData\Local\Temp\Cab1E8B.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\Tar1EDC.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
C:\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
memory/2684-6-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2684-9-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2684-8-0x00000000003B0000-0x00000000003BF000-memory.dmpFilesize
60KB
-
memory/2716-17-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2716-19-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB