Analysis
-
max time kernel
132s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/05/2024, 08:44
General
-
Target
7c5bac63f072b60ab88957c5e401b213_JaffaCakes118.html
-
Size
533KB
-
MD5
7c5bac63f072b60ab88957c5e401b213
-
SHA1
f9c12f1e1570e4df9a6ee730a313c94bf0ebd7ae
-
SHA256
2b3f3a250fb580e35434d3ff01b22aeda91ed91e8cfe30c17d84e52b60d00a78
-
SHA512
488da90716fe2c7f599d785e57d7f4e5c9efaa7700a16fc1d30907fce84b16a46034c19af16ce3a82f6dc8d854ce2196da27cf5519d7f039e03f7f5e773bc56a
-
SSDEEP
12288:f75d+X3uT3aDp5d+X3uT3aD05d+X3uT3aDe:fz+OTC+OTL+OTb
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 5 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: MapViewOfSection 46 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7c5bac63f072b60ab88957c5e401b213_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:340994 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275464 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
344B
MD5e176055102fc7edb1e02cdb009572fb2
SHA1cd755dbdbf7e675fee21d33e640f4618e96dde5d
SHA256cb2a784154c7ee2d008f19ba37c459034637fbdd7d2f2cea4e97fc261bebfb18
SHA512259f5914dc5820e9b26389c9b52f8e5133889cccf12c0053e6032d09b6dcc4da389304f0c6ee49629bcad7d12a173b67837640d8eaf2362862bccf5bbcd17e50
-
Filesize
344B
MD504b53fd077d86e42cb1a1769184b6319
SHA1f9c1f0f291fdc2eebc53a15b82e62cc00b3b5db9
SHA2568cb2740f8098b406a65e0ec221858a87447bd1b6f846d56b0e2f73a587da2754
SHA512020706243d12d9961329c61ae831d1830db1fa9896231298fcfd80d1401771284f830c38156047376d23f352a3c315c8fbb7636464734d8a34cad694470c5c37
-
Filesize
344B
MD50aaaad4c8de5cbb7663831f4f3122d02
SHA1cf746931c4b2043c813aa3f38ad785f818081525
SHA2568ae6bdee27f9cdb302f4dbd3d1b2313a08840bcc762dcbaf11c115c68207fcc8
SHA512f8c1415014ee5a491809326b8a86a88d4c9b2ffb9bc61b8363ee6500d4a8c02dfa2424d46cd924b4d3db36a909f8a7d19767f33387fbdf3986c5480db6e33732
-
Filesize
344B
MD5c90f921e32c84af5f20ebca0ffda5980
SHA1c449b85d8dbe4dc8f34b0a108c98b681ce99e837
SHA2564d4fe7f6741b30f973cc3026d55d57c0a69da9665b9c8f303227da142abe8eab
SHA51259e6c2b23875c98bc86156decfd5736c02bd524f5aa17f7f0112115a54f8005861c7e94b4a7b86d5f3d532c7323ce23d8a133d700d88b33b7be72040fa45e8eb
-
Filesize
344B
MD54ebe2b7b910f3474f389d0f761954ab4
SHA1a4bdf18fa696060ce462539b8763e3e05ac6b1ab
SHA2566f64c5ac1ea143518899b55ee97c7f5b5d44903dc682b1159d5c050265dc4e91
SHA51289c2871f92c94c78d65d6aed83588a77d1ef1eedc159ad059299bd73aeafbb1e332e9443e499a78975329e7c1782504143685e425be8d07911cf4c5b5d5d9564
-
Filesize
344B
MD5337ed5a7ed8f50de0456ade4d24d5f85
SHA1a013b9a3b05a2f61aba4c5a5423f351570ccaf73
SHA25645766a6ec2e97e2efdc2a5867d5b2b839fdb108992856bb00d9cf4886e63dea0
SHA5121c639b14398aa6a209cd4530e7c8721eff611715b96bf3dd0d1e43dfc4b670eacfc96026542825eb44e0cf0a02629634d3335fadd53dc9ef12c7b69c899f43e5
-
Filesize
344B
MD5538c5c00d013597ff91c381ee06364b5
SHA1269457312c33b59fd0619ff06f804de4be4ac9ae
SHA2567562f5ee1c2a4d4e827c4c1ae8d88cc073554a6eeed4e84959c681f4a7590f7b
SHA5127c7c122867cd6b0c45a9df2cf00cae0ea239aeab08d50a65ed9bc188d8284a646d26419c9fce9ed0cedd9f77c92895bc2143effdc92bdb534788bf84210b227c
-
Filesize
344B
MD5c4b678af1cc234b991c872825244ae5f
SHA179eb7b42f3c76624380a5cbef1fe1f93e9881554
SHA2560087fb384d2157fee3109b33af6dd7f54e8bf758887fc0d108f163ed32ef9bb1
SHA512194789ec194c47699b466e776207c0b82638b48c9a966ba353457e74c6690ce3293545e3c4c70befcd635b29c26c5cfb0488164049f7c036ef46e32c94a5dde2
-
Filesize
344B
MD510558b24eb1bb2166891f888358e8eae
SHA1127af3de7e98f3f3fd4aa5f8fa0c7bba7bbf7afa
SHA2560c53955c9a3b58d89697569a3eb9757e2ae242f8d5f04192a6a8872fb3556b77
SHA5122341156ac2532b806b88469c712c1e6a4e388bb96f3a5f050303c2f224b2e6c23e4054386ea1766970477a0aef41d408171b74bd50967be5122643dd565e221b
-
Filesize
344B
MD54fe38cec56c5160e284710a8e9c11975
SHA1a29b9ea3946dc58640a44a3867440639a145d90e
SHA256f1742cb9f4249ebd136508318e4781db4f0087507cf4a5302308b04075238382
SHA512b1d1d2c30336bc1b2f0d383fb610bd7435356348df5f1c89869b6c8b4135bb9663cee58485cf760aad23b327c00522dc31e1ba2c0230edb92342bb284b5c21f2
-
Filesize
344B
MD58891efbcf114b66a23b013659ec3ac08
SHA19e3afb317d16f19da6f16f3017962a6a02f1c725
SHA256e46f9815fd62312e4e7c78a4425c44a928ece93537870f08c873485a574c74d6
SHA5121df7afe2330441b20a54e5c1e0d51923a7a2da1aa2307152e1d8c9dcf2b5728910707abca24c428ea877e45b3742ed489ffe50ad8ce389076b07b50f7b4b1bb6
-
Filesize
344B
MD50c189bf36f9a2b3557c39a85c991fbea
SHA1246057ec9b775d0ec4b79c8132885f8599817401
SHA256665fb70ea6b02eb42f152a367d2095e4670d50d76c9562f1fd55504d453cd4f5
SHA5120b4fec9a1ab0400cd8b12b3590915a163ca3bf695ad28c028c2ddba63b70b562233fa907c95565a2c02d5082c77fbd5c3d9ed85c6eb38c0cf522c599a257b9d5
-
Filesize
344B
MD544905cc0696e9b2449179c96a8045846
SHA1f0c4b06936b0ac61091d5d7de352b50fb36b197a
SHA2566372878553c2e84df562da77441f276efa53462de72fc8ffc0e5e777b02c4159
SHA5121c27b4485b1f004ebd7878bd1f2d245d62b146c9a1ee996a941b7db9ba26035665aedc848e0e81a8906cf3660ab2d1388be8d50e6f434819839e6ba1b20f780f
-
Filesize
344B
MD530c22e64d9662735ea22cb86fa900fc8
SHA1841ae40ef23f9157d51bbd14a87115d756f919a2
SHA2567d12364980158324200d4d460475ff2c1a1e1930a5198da4aea03f6a90181b81
SHA5120d7f14c46986127d9f3d73389923ffb67649355e139b8b0a0af7d5390557637fbd9452609e8339b6d14d395a3b70bb06ad8f647f2337e7afbfc5eef2b836b19f
-
Filesize
344B
MD531751096d1a2a84240e159fdfea882dc
SHA1ab1af6a88fb380911b484e33a28324a9f2057814
SHA2567b612c1d039694220cdcacc34d04cc3077076a0a524d1765261e35ff16b89540
SHA51222a9dcc6a0e039786860349a0bfa8ce9091cf33fd26a86d90099d0590c0a0815e1201e308018ad783c21c98aa6f06d2998ba2a96687c261b601eea9e940d8372
-
Filesize
344B
MD5ca6acc197699de582518b080c7d9d1e8
SHA157ae82686c523303a13252f721857cfafea0cbd2
SHA256e7b185d9e81fcecdd39ede136c6a1e33f37867dce0f80d8e6ddce7cff3eded95
SHA5122757abc6e6a308dbbc0716f1f8012fcf49116c40aba0c6aab2c7a926aa4df87ee48ca92b343bcb0ae359f68de1d3d6d15077742a7a25d0906a42faace80829f0
-
Filesize
344B
MD54f1af08330c2918c0b10fdcc44613722
SHA17d2342e41a0f36bb49160c165d390e2a3b585b5f
SHA2565c521fe5ef67e8ffd47e6b8e424de2de0ef596b97da0a874f5329b5849e431cf
SHA512b96f5d630992bcd5ced3691fdaf5adec61288a279ce8eb30a849af699f1b82f6b3c74c7a03302deffbd4a243be8b5d8ee27921c05eddd11b00c8b41e343f6f0e
-
Filesize
344B
MD5bbc5bf31bb4a7dff2d0e489e497253dd
SHA198a72005c2d9d5b805ee77a53ffa09c85367699d
SHA256e6d6d7d1795b6cb055778b552982887177f69144180b4d4270c28eb716036b16
SHA512b6f8502badfd5c8c075adbc7506dda27d57a0b843699841b3bd19979ea60de1e2a714077fd40b8a663f5d2be0307d3b029a89aff539e4616dd4598291822a148
-
Filesize
344B
MD51a4a9eb846c2a384efdae99e578ecdb4
SHA1b111ff613759bf1ccb106c88c0b5f6ff58e841ac
SHA2563a1301c43f97899424cf064e10744f4d7d3abbca80a130b5c99e793ade8cb5ac
SHA5129de211298af073af1139a70d9d77b19d453e637b5e94577c0435c637eb42c3987db00be52b2271d6da02afd2014faaf536bc27614f89e1c7a34a69ee9ca203e9
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
84KB
MD5c25baafed6fd4a75f3954528e64f8d64
SHA1372cbe86a3fefbc39338ecd8f80b5aa05ccf2a34
SHA256ff96bd48cb454d39b1c62fc657e9540b66a7c0b7225184d0d747341fe835eb47
SHA512c7f4482ff598187ce80537088030d482b22e81e16d65620bbcf50a169c8dde5d89cdeb353ed4fc039920250c42de8fed3eba406e1bb248e58df907d105776e6e
-
Filesize
216KB
-
Filesize
216KB
-
Filesize
216KB
-
Filesize
4KB
-
Filesize
60KB
-
Filesize
4KB