Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
27-05-2024 08:57
General
-
Target
7899f5f68ad3b1faf9da6865a1fa871a_JaffaCakes118.html
-
Size
185KB
-
MD5
7899f5f68ad3b1faf9da6865a1fa871a
-
SHA1
b9c0f53f3ea1a84f3806bddcefad3e9b39e7a2b6
-
SHA256
8c2275fa0af8c89da740482c24da659f27f04db587ba50e037b534edbf12a2f8
-
SHA512
cc292c5569ae698fc7fb3df6686ce0cc14195e0da28b75926297178708a23fa3c9996f81fdc61b68e6c41ecf620cc7f392a50a2b277461a5f07d6f11a2e0d340
-
SSDEEP
3072:SMU76M1yyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFis:SMU76M1sMYod+X3oI+Yn86/U9jFis
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7899f5f68ad3b1faf9da6865a1fa871a_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275471 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5447d192b21f6b836ec1b2153313f1797
SHA1b3d8d5783cf170a68b92e40a3c7bdd2dcfeae3e9
SHA2567d265e97e368e911c0fbbcbf02f5d14de4ea0cee5aca4cd406389fe81cd1d000
SHA5124e506c83d3ca7196d3f95ac7db476f2ec95741d916cf1d02452bdda1aa46c039f592b575d58bf516888698034df00ab856f110f55787bcd124243fbe40fa9857
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a5d1581ea7be7789982eef12d44a79d0
SHA116563743f26100e1e9dacb08d3c8f12099d52754
SHA25652dfa31a5d535dd6b428d15bb70feb419844b83e0800a624e18f1cbf8eeed8e2
SHA512c8152da2ddb2692b05bc261e77f65b27bd314cd76b1765453e2306a02cf3202410703ade7f13b82faf39cf3ae3449aa37cbf76d47f4c83bc47df61760555187e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5fc78e682573289b1f08552c0e5fdb04a
SHA151c2c4cbcc3b8029256eae40127ddacdd42f9676
SHA2560b729f831e6a3fcb7fe5620fc355971d402ac33b95c80928bfd3c4f154e55b2d
SHA512711fde364414f2516fbd4d9e1a0d6de3739a07b7ae686993c428159f66e5b8126c3f9d1178b8ed03c64ea973f569e178a60981cb1a5cfcc38e17cd6cee507e58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e73c186bec6094016d0483bf3effaff6
SHA19d4fb98cf726fbf715fbe5646d778dcd36635bf0
SHA256c497b805796c8cd97130815f4900bed11d4902f01c0d1066a65a5c0445cf99ca
SHA5123ed6185cb0787d11bbae9feef3c3e42f60783862de8b2634830ce5c34ac9f16c80c83845587aed51ea38bf2c0f40d8f143eb7373fc1e6896bc1b7632555f3090
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c7ea7bfaff061002f0a3f7233798bb13
SHA1978186b0b2379cadac062e1038350c05e1d047ee
SHA25693a604aca1823423147f2827d42208e5efa9fc0ced46d5d4a70b95174778da50
SHA5124bfb060ee8c680588c478bae8a81a0e1cb2e6822d2217cfbaafc89983aa2af28604688a35a3af8099baf61d51a2ef9fa72433cf05a7eb0531da98a972fb3ba76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD552523ab07c46fe169634e864ce074375
SHA176575ff323f8fdec98bfef40d6bef080f986110e
SHA25636973ae1dbd43dbb4d710f1db7db600a0af6fafa0071579cf64d9e72f41aa354
SHA5126a5b715dc1d4fe3de128e95f59914bea002f116fa4ca4e2f9eca6a7b8f744fe1051eb3b2b469eed7f7f6db89580623c453982c0b49395d7cb036a27d42e9d25b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD585ae9055d934d3b997741d313cb2c9f9
SHA185487c2616c34e1d3c474b38d939700cac83dc5c
SHA2564fff79e21b038c8a16fe0d83fec4a255cb5df1a58b740305f23e14a49343dcf9
SHA5121370121f02a77f6c0eeb33ba760ee3443647dfba36f511e3617dde5b87396a595bb5f3247722a94b9d3ddb3e2d3fa8c3431b82bbba44d46c93591598a279bee8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cae3aabee86ae9d34833cfe9dbb05cfc
SHA1d48c3a94d1ced81e15e8b04078f803138e18a39e
SHA256931027482f95ea9df2c3d6aaeb192c0d1e28ff7ac65c75fc8e37542c77028d2f
SHA5123ffb880969adb534515c13f726fae3c6c703df3e5639791dab204f03128e52aa09932904d679f26bd1de2a0715e1f4c88a9ebcb72acbc447354a5b0a83a64158
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c95cd3f34a163ef54fb8e71832da2be1
SHA186b2f0a5895e31c7a1b0660a411859f3531b5d3c
SHA256fa152e8b4d6e2ad364daac9c4616156ace15ac10692ba60c1166144f72359e2e
SHA5125488335a7dcc4887d9c4c7ecaa510fcab8e49eb4e543eb2d70bdc211aea2153013242dbb2af5c1ecb196e473dd2cd2e4fbaba0fc2ce6d1fab0a6a72a8851263b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59890db8ae8d69902385e31f22dc993f3
SHA12ad8b09e5879abefb444c63b5427e71504a68073
SHA25658f52616c0a19c9d560ee05b209df294b22116700d937bd0bb24c9773c6be1d7
SHA5121e59baa4b1f83149c9627edce9cde5485df724d7cc3541b211f4a34e91be56a8bb5298a9775c6cd06f7b5fa246641144c29ea8cf9c6a8bd3ff79570451378032
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD55f871e68ea336e2ee97f62a24208d64d
SHA1e015687d1451740b43d3e459b894723d2e84bb56
SHA256550d9bd7437b8e95fcba5ba60111a0f422b82c592d46d770a81dd70175cedf1c
SHA5122f75282a4c8d859b856c5599d1c4ce993503fee0633465c2ca9423235a5ad228b1e7cea69133aca87be5aa4c2ede64a4101115f1896358dd6fcb5373137479e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD572be0ef7a54ae8e843a1727bfa3e2db3
SHA1ea783b22a40d8719d735e3c61a74316f150b5ee8
SHA2562a2143784929318a10d180893233e15f172d5364348f2de2ee44c476ba6afc96
SHA512dff639746a1545d72cfd271b449cb7d99464caaec9b65942bdf83830f55ce5767ef4a5c7d303d62cb18efa894f4934274bac21079c7dc4b9537bb9deb991c3b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD512506fb11ca7a1dca25a43fea52f5815
SHA1e08f294a3374b066019581ea99495b0c64b9bfb7
SHA2564cc2d39e8a7355142521f25c8cc3a542e06a24fe8462b344fe2d9167371ef594
SHA5125ff8f936f595311ea3a309a85194618b9d3e75239e93ee4d2c50b2ef3abf6024d46cef99b7562a1d9eb3242393113f711cb254a9378e98a3d6497d44c1751864
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD535fe9229fb540813b2a648eefe9751f9
SHA181012450cb9e9410d3a1ac9d7495f0590d8742ea
SHA256138c79827805f6e105ae374926fb175d57c812eab82fff05b661ef1a72188d76
SHA5128c31e7535357c2bddf2db7ef97809fca743b3bcf598669c1d13e5f193cd246ebb4213800dfcf20a5402f269a0b02b9c637451ada6444d416e979e2a7dbc9fad3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53c9fe8582cde0617980263f57354c6d6
SHA19a37d19973c23069db106a741aaa84887e9eae5d
SHA25643be4dc7699f54151c8b4fb49e34254b4c3cb09b2bf8dd34fd2c926fc8544568
SHA512f6a0a6b0f1aa08eab1d2d59514773491bf50d6e8bb64b64d3c8fc2693cbf969cf858a927c149560870d4ecc8423a7bd8b0591e8690de6c4caa1e44c680486616
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b2b734eb40a17a9928f058aaafbb1f97
SHA1aae1b83315c39a67ef99f223ad841d611f9e03ce
SHA256ec9017e2fa14f26c4ba572bdfd067efa486f819ba284c62666408357d946cda2
SHA5126ae7cf34c41789a9f1cc374404ea3be807b41c595eeabc4e2f0c6035e7f20aec977983f8546c88424e62d8cb43ec3796328ed1eb241bb4ec760ab170454b4e1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e2d007ee2ace76a00bb4525914b0c783
SHA1ed6822a42c73ab3d2f60475e7b4a98a1c547e945
SHA256aaaba54900e4f2f0295d9e96bc8be2efe9965c1072531056e583aef51ca1911a
SHA512925f950261bdb7c0cc7975272becf0fac02706bfd3edbea5e24121c6e242c5db3010810610d6f1a3914f985fce612e936ebeb1030bd88cf4745deec8ff090423
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e26fac61be7cb1cd7478c20a8ed107cb
SHA1005744be47d507fdf4da1f9b00cdee7ede42a132
SHA25620a5dd056ef82b4843046aff8023d3e415b2b5672efdb7fa148acde58de4a602
SHA5128f970e22528622eec094655e923484f20d4bc9b1e123d92465e672ec091e19ea13c190d87843d72cab13bca113ca0ff90ba9fe9da5b11a3fc1cdb71d2dfdebaa
-
C:\Users\Admin\AppData\Local\Temp\Cab29FF.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\Tar2AF1.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
83KB
MD5c5c99988728c550282ae76270b649ea1
SHA1113e8ff0910f393a41d5e63d43ec3653984c63d6
SHA256d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3
SHA51266e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d
-
memory/2564-16-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/2564-19-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/2564-18-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2564-17-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/2564-20-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/2600-7-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/2600-8-0x0000000000230000-0x000000000023F000-memory.dmpFilesize
60KB