Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-05-2024 02:01

General

  • Target

    82b6013275bfdcb021620e08be0a5776_JaffaCakes118.html

  • Size

    181KB

  • MD5

    82b6013275bfdcb021620e08be0a5776

  • SHA1

    34ed13e6f7edf7db39bfec4411be25ed3c280fc1

  • SHA256

    1e6c64276cdeb8a0ee1e120cbfc9f935732e6bcbccea4e6987de36ca32571789

  • SHA512

    df69fbfd4239fbd5979face603639983719a2464d7762333919ddad3402dd133380e4f397f4c340852e9e610241ba0794f94163c9256048e8be1176833858923

  • SSDEEP

    3072:SeKyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:SevsMYod+X3oI+Yn86/U9jFiM

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82b6013275bfdcb021620e08be0a5776_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2500
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2072
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275466 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2516

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      42b8450124e62cd846af07e0a077ee72

      SHA1

      ce00d202d5468612b95593a070a011f26bbf6062

      SHA256

      e670263d2a1e3850478bb2e71fa66a49c3603fbd78f555234a192d52d998f79e

      SHA512

      afff4a6827cab8b5c6843b515209eff208aeea8571392c1977999eb5b1df04f1396c67a5fd527b37685a3e0e6ab6a16c533e4346019694675513d8091ed129c4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bb3509795c0e070b38725054046bb525

      SHA1

      f625da4bd346f1ec9d7ccb79f9604ec21ace97a1

      SHA256

      3059de6206bb108d287e6916b14e494e4ea3cb4483e32ff9c2f2605398a24608

      SHA512

      24198f7747b550b1d2378bbe01d07c3681855fae70b69318ea8733e3e05196db79fb5e1bb82f8855558823649d2c6d3213874b8892d83a184b2cb90a1a5539b9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7b315ca19dd6c93de87ae59e6c16c828

      SHA1

      82f1dea3bf4f98b05b15166419a77b8c09f2df12

      SHA256

      87ac3ee38112b51ffb7f839842ee66a4ceaebc4ad0f089ba223a71fd12d96685

      SHA512

      37384887aa42b181a6e43dce73d7ee59d87268445fa7ffa89a626ba1a169a0e913deb662c86f6e8834b9a66a082698ee5118b1c398f71c6b62f123ca0dc45f2d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      09a6505e627873e0f69af2b7e84938fd

      SHA1

      053342763d212584cef836e25d37f75996b0ca97

      SHA256

      c0f7da4c2e0e1269f9cebf12df31e8bb2a668253e3029ecd55207a0948b70eb6

      SHA512

      1312ff619666c79e9855bafb308097ad750c22974df65b01d380beea8bd634d0632f42f19c4e84b483d9b7d4b45679ff34ce6a2289459e74274dc04f4fdf4056

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f4da41face93075818a6c726e1fbbed8

      SHA1

      35d83908e32dd6ac02f40261aa7bac5a5da14a36

      SHA256

      d6c92003db18b47b8bd65e9314fc52d91ce9bcb8e8d702f363498ba50a40647f

      SHA512

      0477cb3dd6ac1ec43ad22c56d01a5cbb65501495185c0381c1c47ddb1807e13b868774d4cbbc119812aab4c3c607559d0307a3283117145ee2aa68b74dcf3a05

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7d1e059aa9095f527e94594098ec5bde

      SHA1

      8c7a3ef51fcf2096636437f477b3cf09df6b7fef

      SHA256

      dd394f4a032ceb256d162d03af069d7ffb38a5c9ebfcf830a4a114eddb8ba795

      SHA512

      3ebe8e9132d852976b0976022b7f3784344595f5c029ab85030d86f02c84d3d2335e100a77735fc2b36b16cbe229f8c79199cecd704b255808829a7e17f8211c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a695bee835b1c3fee74c9b7ec08adf98

      SHA1

      646a280fdfc66b198e046260a43b95edfadd69d4

      SHA256

      22ffb84fff62b7d959d73e4e5f530f07d7a0b550a8562e92213d4fafb751d309

      SHA512

      55acbb72af720112ee097f7e02bea9befedb03a6dad97f556e51c853ae686d821179c254dc2e8bc969e3263da28143d6e626de1112e8517a67855887931b9ce8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f3c9b4ccffb03960a956e8d2f322ff16

      SHA1

      caa487ba7d9260b170a0772dd30a010af9d503ad

      SHA256

      a3bbc40ab52fde89840e6c69beeb85d80f012f41b82e97520d14db1c97dcff0a

      SHA512

      144a18f972597f7ea5d95dc3f3c302a853e9ebd246517b6aea1dbda5ba6c32f793744bc510ad2c72f60b28a6732d3d7db6fc41d4fadf9fc8f6229fa421b163b9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e68b79930c0d755570160b8e8f399883

      SHA1

      d88c40144f35bfc96173946ac3a75897fa9339b0

      SHA256

      7c06187beb4df55861c6d333d8dd189f770d9ccfa2b2d3e0da70baaf2062250e

      SHA512

      84393873388ef1a1e1d68ee515ac400bcd01853564e3c30b28a38afab3e82583233d8cb0631460e0fab0c124bc62ebeae3bdc16b9583af784fc11b8ce78942df

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4b5de6c59ec9f1dc4205db593b69f383

      SHA1

      6184979601add1938de2e40ce8b6373320b7d9c9

      SHA256

      39c538e22e96b6155e5c04609222477de7b5358a1ddfaeff7cff1d8c62ae64a1

      SHA512

      3f3b89105ab89435c96b28c2547d448ebfbc37c5a8c774cf2a1b1d32422e40f5b815993e384c55c93c03a31e4812c6e667ab8133497bb0ddc24ca4a9302c06e1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5d7004578e5f2e6e56ac27ca9b026b8e

      SHA1

      5cfc496ca2585e92283a53b6acd04ec1f9dfc5f7

      SHA256

      2a9870b4e0bd382eda9c8172304737a7b1cf3f39667a4c1c28b10ac15485eaa9

      SHA512

      a25a736de20b68a08c272e62a0bb63fe9c36b3eaaf0385f7c1d147f0416b94c7016cdf90ff85a96082bed3c116d2e5dc723a03b3af4bec4dfbddbab26818c24f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6a9ae8d78ab7e1e13e719c87ef670f9d

      SHA1

      3c795af3d861931a14ee741336d62a0fce6afe00

      SHA256

      6cffbcbe5c6c392a97fac00bedb2d7f566e0906f542433bcb2cf7d8857a1a8cb

      SHA512

      fc5f317aff6878411e1f8c3e8501e70f08191e0ea399a2255611f351643e8d816274a6378e1e6bfbbef48efe22d7d5956fdcf718bf03297ee99b50c9bb27f2bc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b859275ff292396fcd96cb8fb5d07f65

      SHA1

      bbaa50368ed366b15a27c6ae6a48eca9094a765a

      SHA256

      997fd621c3a8008f402057563b4b4c5d90459de280293622493fa7a736707a97

      SHA512

      fbc05afe41c9442044ef1aef052af7ebd35c0903a8609ec529487bbd3c2795f646cf1135c656b48b7e11d33d790c153670744be64d6478436a83c926c72445b8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0fdf352c77d88fc15ddfc68e6a42bb61

      SHA1

      c05ca5d823f5a70be7cf02469d4d262514de46f2

      SHA256

      7bd3e4cdaea4419be71c1f23cbf67b92ac4fb516cff2ec440d62eeb2fddf10dc

      SHA512

      2cabdb261b3eed78db5e3a524ed000da307ae34fa148d2e055ad3afe0d50a1cb4f9fa7d1211a6de49077459821ae0a640d13fe8e65568b9208fe16cc87d3c0e1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2331b3b916a493cea9f6c2536a1125c2

      SHA1

      f905a62b3fbe1a6964478dff8c311ed55f4cfdf9

      SHA256

      d2dd0d2c97eb2780779fd499ec346889ef3d5355f40af3b5c81129e5b0eec077

      SHA512

      7e3f8f4be03b67f218660a0b4df173bccfd1524f30922013e6421ce3ebb5111ee798edcbfa7cb6b3129136e5407b5ca18857bca7d1d0249b2986dd8ac03e3cee

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e93e63c72b50005a043046ed4fdc18b1

      SHA1

      6ed56af46e76a4bef3993c9375b79920c65d3cc5

      SHA256

      de37f859a0123f094248b7ce09cd19d5ce4d89eb7b8242aa7ed48e68b2ad1032

      SHA512

      f386c950bb71a82cbb35e2085aaea4916e4c03b89dcfd432f8fa31b2a27ab63d5b5e171cf3b97a7e13a30cd57bd01077b536310492d60268ade8bb77b4f27ab9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ff320eb6cd4846e748392da87262c706

      SHA1

      025c69f1d26ee770b8ebddf126b2728380a8029f

      SHA256

      25a120d66bbefc3ca9c078fd0c3d68df49d63b0c019b9c0e49de9531286ffe5c

      SHA512

      2a2734d9ccc0db543197c2d5e1dbf476ba9534583a4bd04947aa6b9aefa70c616225b64ae10add9e7612204a649dba97859f7f635e8bc7797a136c0f9c6f5d4d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      91774b1324e4b3fcd318488297d0d522

      SHA1

      47e4d0901264b606a62d43a75e1ff6aec2bf077f

      SHA256

      8ed7f1a36d02a597295b6088a5e020f67efabf08abb38a1d6faefd9bd5e78dff

      SHA512

      2f8e374ab8c4e282e6f7d3f89e4bd0faa3043d8924829ecb2ebf9f8dbd38ad03893983db502a5986bae2fd2cc498430c7fcc9a527830111fa3a0da6b006174ea

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9b46c7946c00c994307e70d28e5a847f

      SHA1

      9734125562a2e8a852afab15168485c93f8d67a1

      SHA256

      1bd74baca0c2750905a626ad71e52721ef8a135b9ced430050e5e7f559b1bc8f

      SHA512

      36946795cc6d35cf1b78dd39d4b559771d3bed6cf1e4941ad4ec2ba8eea51e83956bd7c7b0027cced73dd596776288791371a990b21cc3fbfab49d05614aa887

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9471d8c9ea1e14bef0a3bb99e7ffa7af

      SHA1

      524843a3db8d4fb988c44eddcd20953ca8873d5c

      SHA256

      d8aa3958bb3a6dbd5c0c453866d3648e59eae64121354618a033ca2fb8e38f13

      SHA512

      a132ca695db6dc34c73997f638de85ddcdb533599b87ca8378a14b4ff98d45c006eb7802e50c602328ac32dcf3e0ba04d48380a8022da8c556eda8766aed7af7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4f0f2780f6a40af299f3ba49569cdea0

      SHA1

      8793b764555e28b2f84ebbdd7808e2fdbc52f238

      SHA256

      d941dc628634ec8a18e94b183e8e7d4e565baa2fa7c701f28dea98488813ba51

      SHA512

      c17d7b46ba02ba67489e8206f66c09a04f77e47d08e5261d33a6f25a0ec0457eb0e67f161c9bc726a1d0d88d1efcd86b97de1e4ca7abecf25964a3e947601ffc

    • C:\Users\Admin\AppData\Local\Temp\Cab342C.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar34FF.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      83KB

      MD5

      c5c99988728c550282ae76270b649ea1

      SHA1

      113e8ff0910f393a41d5e63d43ec3653984c63d6

      SHA256

      d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

      SHA512

      66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

    • memory/2072-15-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/2072-16-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/2072-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2072-20-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/2500-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2500-7-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB