Analysis

  • max time kernel
    130s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-05-2024 01:25

General

  • Target

    82a4b5d8944ef9592c3636aebcdad3fe_JaffaCakes118.html

  • Size

    155KB

  • MD5

    82a4b5d8944ef9592c3636aebcdad3fe

  • SHA1

    f180566a0800e7be1c8b83cb057c2542194cd3de

  • SHA256

    76b5d60504bae8f96daab0d106e5ff8b483a3344b62c17ebf0dc3dff1b9d8d7f

  • SHA512

    0f3651058cf4a9973ae06ebc0bc217ca17b6ae16b1099f4ec5afb439a301e22da18d1187e2280583a789fe30a46d95bf416e30dd259d47603be33fa84b98d245

  • SSDEEP

    1536:iaRTZOCwUtUyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:iYDUyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82a4b5d8944ef9592c3636aebcdad3fe_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2916
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:884
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1696
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:406540 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1636

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
