Analysis

  • max time kernel
    137s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 01:40

General

  • Target

    859eff1d0644b219ebd63768388542d8_JaffaCakes118.html

  • Size

    130KB

  • MD5

    859eff1d0644b219ebd63768388542d8

  • SHA1

    6774cda1726b9975840e2f1e886b0110943cd81c

  • SHA256

    34417295ab14afa42260cc9ac7de0384a2f0307d0b3ea5426b4ba4359024ab00

  • SHA512

    7235bb0a7935fe9c358ddfc3f4498ed669f3b308ceddf9099f1c64dcde1cf66ed9aa3fd3d5d30774afb575cd533959f00f32d5fb09763807d0f365d969ff5330

  • SSDEEP

    1536:SBKCHoImP1sAlpEyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:ShmP1YyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified version of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\859eff1d0644b219ebd63768388542d8_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2440
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1928
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:920
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2072
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:406547 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1732

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6f5889834d28d068d48fc6f11721a67f

      SHA1

      bfd181d29e35b670014112505ce00f4142c19b18

      SHA256

      1bfabd7de98be0618cd72e840b4c3e0aeea59d0c9ab8b2b078054502b778edeb

      SHA512

      32562c94fe097a791e6c47f35f34f23080fa595c0a0ac76e3781fe11912ec257f2d179071f77cf424641b1d7f11b9f1486d7350db706925016f9bf82561fc999

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c5c1550b735e909786e897a7e93989fa

      SHA1

      48fc62b6f9b7ecb42146836bfc2051f28116237d

      SHA256

      a5bf416d8a19940be0e1b4d2171613ffec22333c9fd4eb104a5f9f3fa861d6e8

      SHA512

      2b25fff56eae4e80e2d3e643d4b5b7eca4fd4044bae20f9f7632612f9ac020c763a707869d21b70b9a9a35481070c46ed185c3b9d9444a8a2ef994b3d9876d71

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1bc62afc8884b7b7a1ed63e5c52098f0

      SHA1

      b13f349e761e2b8703b4d821a46345b62657765e

      SHA256

      0e831a98cd991ad8aa39ed197ea518e1f359e4ca9724cd506664e51a871b04c9

      SHA512

      ba9022da6ae29fd1b1d63e4d55ae8ab2d714fd6c647bcdd1507d3c688990c88032015fbf12d6ac255e1d6b9060066b89c5855c85b8f0cd6f1c60abf7951c4008

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ea3448f502e8595d72ef53dbcfaecc82

      SHA1

      4202f572b18abc8c61f438acaa17cbd3034e11cd

      SHA256

      fce4377cdfb6934fe1ec2c3e5c1089ad44ba5c59b753827ba316025ac873ae99

      SHA512

      b76a7a0ef113325276cfbbecd59a6b9cd816c299959d16b50f9ccaff28869a58f6633f13112c0fe0b8559a6798981e96f4ca06b4c55a9ade83ea9cae27257f7c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      414cf1c987b8d0a53553d531c550f892

      SHA1

      c4a94873e8af68cc85e108b3c12a8b65a12ce4f5

      SHA256

      1909a27c9870ce90b9bdeea3d93bb74806fa6ed3c5cf42f41580d823679dd68c

      SHA512

      cfb9c311b94af7dcdcde9e07c08d4d5ccf41a54e454cac5f74a0cb9ca91908473ede75ef0e0f0921f2346f99300e6e9077c46dace85e5abf1af7e0866b91ee22

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f9451559efd7aee84a3e41b500c0e167

      SHA1

      0d252403148c574d2326e469b9badafc81c236d2

      SHA256

      c7814526e09a42366f479921aff0a9d31cf30e08705995be0dfd34eca34c2a7a

      SHA512

      020556a080e357f464b685bb8cf4043666334b9ff0d7e8991b0f25ef7963cdf684989974ebd0bde77f68232ecac4998690f3a772f8ff25a405b5b64a65dfbdcf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      889c798127666c2df84bdf08806b9aef

      SHA1

      61551c60b56b919cde35f32d7613523e857a9008

      SHA256

      0e3254ddf8a0580ca31a3c404fcf1feada67c01b1fced63f537b9f00ab13b538

      SHA512

      b381fa1b56e2add5c7300b32a0677a999b5f062effd0a91c098835cabe7347e7807c275707cdd01b672f78784bcc79ba4c1c4b821a496cb8a0931615098d24a9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1f47dad93bb37b3a4332b4553b84fae8

      SHA1

      bac3d6e9ed782604e103325fb465f1eba1db48f9

      SHA256

      a2f9cdde556b8bb0d5af7984de8ef912f34a5a5fadeef32aa816a8d91b9f7d09

      SHA512

      0b3968c030214bd6603083b5e5b91d9a7810cc4f5be5b696db03df64edb767b3664f4d7be746e8a2d9716b615f6377958c0ca06142cf37384675083a43b7353a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cf25d76323216af44a02284db3a4cc1c

      SHA1

      c399f8d274f88bc14b68deb8b8fd569a911a34c9

      SHA256

      2e88a388f8c756e1b86b964e295560f1f5bfd8979ed005c8dab39e1cebba2024

      SHA512

      25807987831c5316d087b02ec342598ec699909bf388788bb497b78d50b9685a2b65bad93fab9fef067bcba82138f2043e03d3c53c6376e42b166663d2cce0d0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      eaaca461889411f3e38b76d90b54b165

      SHA1

      cc5be8aff9039a64ca1cf7f0d750a523457489df

      SHA256

      76389d1ca2611f3516c116ff6691bea5b923a41ab09c9bb91633e2fd5a1fe7c6

      SHA512

      1bf705822d937108ca4c1fcceecfcc90e9838c49dc35e6727081c1a355bd474d609b477e2f1c82acb84ae1c9c14930c307a53d1cae816e2e9838e074bf74c9cb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a21281b6eaf419915163cd590ed3abc3

      SHA1

      e18525c2114f83a6b0eb3fea6e02089fc0ca9f9e

      SHA256

      457b217e64c5ab97c4f39ac7f0f7d257971b0897114839d6d0a84e887b5afe3f

      SHA512

      bac38c1367b24a4127c8ae562cf17791ec52b9cd729fe4fc2fed4d9fc849525d31b5f55d346bb34ab9a8c0c486b0633cbc3a06402139af7295efb4ee588ae6a3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4f023c31df69ee0045675fc105a3e8ae

      SHA1

      c1a71a433a341c4564245754b155ffbd0bc69349

      SHA256

      aad3faf8ca61f4947fe41394b53477bebb9b8956e363361fbf5af1381ef85969

      SHA512

      279ec86053959a2503b44cd0f9218d0602c4126515ec91540d8a3bd187daaf8b4284dc4d42b520339ead169d3e130de108404adcf4f20e3c511f7d6d5673e5e1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f3f3b19a9af1f6f24bf2b242281fd4dd

      SHA1

      ffefe2e38c6393f91e35f0f505063e6c09460c95

      SHA256

      eae5f6db0064d81746485e9e49a7b63c8774169898bde29af18200d964f1aff3

      SHA512

      8151a66e48e88f3e2cc6d2ebb13284b119d741fcedd654603c7aafedaa11a1f06b8f0f28f6878730bd022c0cb617c550dbec72899c8b897f3334ccd671faef18

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a63ad91febb69bd2fda6b996aed49ff8

      SHA1

      e022380573ee37798c24a2a9e4b1de2f220158bc

      SHA256

      839ceabd21e4b895da8939c94b3ff79bbe2c1542948d4919e592204ec43c61c1

      SHA512

      60272df9606be38f3bd599b9b71202b291566f94eeb65096489535f83a5e308e89d026a8931b73f6cda43f9e95e228f38888b4db4c798ddcf582c98d2083fca9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3665a7ab22a2cf34cd6b33db2789918b

      SHA1

      b3bdb8866e6b1e38ace85bfbd90cf0a0662d49aa

      SHA256

      9999b189fa0bdc9d51e7a4b025334d77bf8853d02a47dd1f073f9937db5a207c

      SHA512

      d942f65ee4f27adccedb4b46882d91045cad3a18724466394258f7ebfa11967f4ceaa41ef3d139552c8ba8e7d60ab7d0ca970491a3bc0f1b8ccc693fecc84b84

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0a6f17e08e1239475bfc81008e2c6566

      SHA1

      5a30fa15390ca8b45ad68f058dbecf7bcfbad068

      SHA256

      48a6b2a3409279a1da9499a1123696b327d0c36e82c4de79d4bfd341e63aedfb

      SHA512

      b2299e2baddd27796af56a2b3f171ebaab0db96adee64d9e4069b7045408d737eddad5e1f6791c350d44b872b2fc974f449ff3002d4a1d9209044d539185ab49

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      098165c0a59642329e0d2dbd816b121e

      SHA1

      002ad0633dde8554117add5ea1a53128db8d1d94

      SHA256

      9d39c16263612c7b4c889803dd33459eed7aaba65ebfa25cc2732d1a021394c9

      SHA512

      751d20214b251256b4f7b54760172cc0ce8ffcb4f1e04d4b22d2584861b3f5fce78c80d0f7a415729bd7b7d78030c2884b91d125885a452c5e62a2d800ebba07

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9d1b928378a63c5ba20091c24abd50e8

      SHA1

      bd5a694c1c0bef0fbf8af767d59d7ee9b18d194a

      SHA256

      d83dccf6938ff0d4fa5cae297c32ed0159411ab0c501b8ae314597fab27f5634

      SHA512

      101253641929c3200bfadfed371ece9a654d3bec9b6ce2fb9d3d34be62f0ef6af6049deefe51a0ad31eed64855114a3aa95dcdad5939cb99b5c33ccabb0e6be3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      421eb4a0d9275e59168e39b4dc8b77b6

      SHA1

      25f0fe21e288041a86348edfa1e5a0d245c8e841

      SHA256

      c272c61b3071b75077b502e7a91ddcc5990bcdc7bbc3ac1f0af00a624633ad46

      SHA512

      c69f7404ddaaa78ff885e1639355d0475fa3edd6f8f647ed50d3124b74d2620b8f385a6f22862e04ca96ea5252f26aaa8b835f80351690bc2f941129f21a2e36

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      842002e4b217b140fef647b4ab37f33b

      SHA1

      840ff8772a7719cef2f06a3bddaf30c0712df917

      SHA256

      377cd733273a2a1218a808893689347e719f44d5ceab13b08c03ddf5ee3adeae

      SHA512

      90bfe0b1b18a3e4924b1f75c756caca28e062f571bba3388f2cd48623b2a504a663a5d6214c527f1dc664e3365812eabe43482d1c0f8a3a5ecc54ceadf6d955d

    • C:\Users\Admin\AppData\Local\Temp\Cab149C.tmp

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\Tar154E.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/920-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/920-491-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1928-480-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1928-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/1928-485-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB