Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 01:39

General

  • Target

    859e3a54ca79eb18eaf6fe111a8a527b_JaffaCakes118.html

  • Size

    159KB

  • MD5

    859e3a54ca79eb18eaf6fe111a8a527b

  • SHA1

    36742d4be0f217f7f27d2ffb5c3cf04996812cd8

  • SHA256

    20ce5aa6d072d9cf1ecd146e54b36b322b5181461836e7d4bdfc2359bd21743b

  • SHA512

    805ceaa87d489202c9dfe037bc194e3f9c7585eca7ddccf08b6c8f82ae1e5f421322a449373713ecc4765ed9b00eca49084baf128a3af56a0d0037cb2b6f0c7d

  • SSDEEP

    1536:igRTlK8SlHZmbvgqhtyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:iKmAtyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a long-running, versatile malware family: it is a file infector (appending itself to EXE, DLL and HTML files), a worm that spreads via removable drives, and a Trojan with credential-stealing and backdoor components. An infected HTML file, as submitted here, carries a script that writes the executable payload to disk and launches it when the page is opened in Internet Explorer.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
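The "UPX packed file" signature above matches on static traits of the UPX container. The following is an added example, not part of the sandbox report and not the sandbox's own rule: a minimal PE section-table walker that flags the usual UPX tells (UPX0/UPX1/UPX2 section names, a first section with no raw data but a large virtual size that the stub unpacks into, and the "UPX!" packer-info magic). The PE images it runs on are constructed header-only stand-ins built by `build_pe()`; they are not the dropped svchost.exe from this report, whose bytes the page does not include.

```python
"""Flag UPX-style packing from the PE section table (added example)."""
import struct

SECTION_HEADER_SIZE = 40
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Yield (name, virtual_size, raw_size) for every section header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + size_of_optional  # COFF header is 20 bytes
    for i in range(n_sections):
        off = first + i * SECTION_HEADER_SIZE
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, off)
        yield name.rstrip(b"\x00"), vsize, rawsize


def upx_indicators(data: bytes) -> list:
    """Return human-readable reasons the image looks UPX-packed ([] if none)."""
    hits = []
    sections = list(pe_sections(data))
    names = [s[0] for s in sections]
    matched = [n.decode("ascii", "replace") for n in names if n in UPX_SECTION_NAMES]
    if matched:
        hits.append("section names: " + ", ".join(matched))
    # Modified UPX builds rename sections, but the empty first section
    # (zero raw size, large virtual size) that the stub unpacks into remains.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("first section has no raw data but %d bytes virtual size" % sections[0][1])
    if b"UPX!" in data:
        hits.append("UPX! packer-info magic present")
    return hits


def build_pe(section_specs) -> bytes:
    """Construct a headers-only PE32 image (not runnable) for testing the walker.

    section_specs: iterable of (name, virtual_size, virtual_address, raw_size).
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: NT headers follow the DOS header
    size_of_optional = 0xE0  # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, size_of_optional, 0x102)
    opt = bytearray(size_of_optional)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    raw_ptr = 0x400
    secs = b""
    for name, vsize, vaddr, rawsize in section_specs:
        secs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\x00"), vsize, vaddr,
                            rawsize, raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += rawsize
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + secs


# Constructed samples: a stock UPX layout, a renamed-section variant, and a clean image.
UPX_SAMPLE = build_pe([(b"UPX0", 0x20000, 0x1000, 0),
                       (b"UPX1", 0x8000, 0x21000, 0x7A00),
                       (b".rsrc", 0x1000, 0x29000, 0x600)]) + b"UPX!"
RENAMED_SAMPLE = build_pe([(b".text", 0x20000, 0x1000, 0),
                           (b".data", 0x8000, 0x21000, 0x7A00)])
CLEAN_SAMPLE = build_pe([(b".text", 0x1000, 0x1000, 0x1000),
                         (b".data", 0x200, 0x2000, 0x200)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(img) or "no UPX indicators")
```

On a real dropped file, feed `open(path, "rb").read()` to `upx_indicators()`; a hit on the section-name check is strong, the empty-first-section heuristic alone is weaker (some legitimate packers and protectors produce the same layout) and is best treated as a prompt to unpack and inspect rather than a verdict.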

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\859e3a54ca79eb18eaf6fe111a8a527b_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2204
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:884
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1728
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:406545 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1596

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      423cf4145fb97a383da63167fc4e19aa

      SHA1

      9bd09105c655720558b083ab87f9cf9c9e7e3316

      SHA256

      2344979bcd14d46d40c577e1649989de877fce9bb6cc13b465a2bf455d40ece0

      SHA512

      fc820c76c2dfaad3c5b035339a61cc889084f1e0423c526b74bba706a98194f3032dd7804fbaac570db99a3bd6f681b1ccbf6e227a45244ad48bfd2f1f999e38

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      980f2c977d5a8becee2c26fafc8510e5

      SHA1

      677e169bc829e790f5d12ca2c73453fbb0595ee4

      SHA256

      3983e80fe75a64dcd39ddae09790a715ffd82fce544d0f675fd0396bd4386fb3

      SHA512

      3978c708669b4923a7aeabfb13d5a20f75aa259cca06928e39de0ec232f08e2014c0d33a42ad29dcb5735795fef881774ee4da955763c78b50ef81776982c0f2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cf52c76048f9bf2e30dc22487c952ed3

      SHA1

      1a4d79e333124e02305c07532a28ec00235d8d4e

      SHA256

      656197f42625a3cf07f1a38cfa7ef3f037f02aaf0ac3cbf7cb3eaf1babc9747b

      SHA512

      407e7079181ee19f0686723328adc39bebf1d7ce7fa75c619eb5b21e3d54503570fc1010da71d0c7e28ce9256aa99a3bac137602c714c68a3c4c54cd4fb09260

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fc2e3de4e6d41754fcd245b6401e55ae

      SHA1

      867d0bf058a0ae6fd6c56f32620aaa87392b69f9

      SHA256

      0cf39b7ebf3a74d594d80603e98362fb0ed4839a483a6e53e796c66f9d15462e

      SHA512

      3d5a0d8b1de82409e5a4fd35fc7ce61a34a0905a1bc3e4c447fd7b5e010f924d2256d43d5703a4497fd0e13310d84479c18407c8469f55659e4bca8c44a8f858

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      592a9e8ae2507d58ca3eb4f8bcd89768

      SHA1

      c847cefe36d9f9a301af8073bdabec267558ba65

      SHA256

      e977e0a7afe72e6e69d89aec241b9543871c5d1455e9581cae141de39d125541

      SHA512

      266eec85dd48ffd2e068c4b17b9363ece8c4e4698d48b69730b5e37dc9e2027055b74862de9fd76ffca6e897109d7c65c98271bde753ba043c8760a20de41400

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7724b95dd23f715fdb80db81b2232539

      SHA1

      2cfb71b6c0d008652073e509a5cabfab686c770e

      SHA256

      f8855f6cf79967074c8d98363e86c335e93fd93c5724fcbec087747a8126b769

      SHA512

      3cdfcf51df1de02621b0bf2fdbc8af66418e6e28570376ed72351893fa6ff55dd744905041bb18689014855171f9fd0e3421df37d40252010e9074855b1ae02c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7b1be23e1ff79705f4d78ff02563a74a

      SHA1

      ea79337aa356e711f94fd31bbfc3bfeb3db9ce37

      SHA256

      85eebe6c61f86b49697c8e772ea93c3a259355e5509a07807d02c4b0855fb1e5

      SHA512

      0b516f3c6fbe690ee679ae91edecf7585e94b32eb9d28e7802b57a7b966989448b987c7584e430fa92bacc3c0ac0a5447c1ff4d1269ab793a255e1e9b02279dd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d72485bf1a938b1c33e15a214efe7674

      SHA1

      d17e697e56dd8aa4b94a2ba2dd9f777d4434b4a5

      SHA256

      04d727dc9370677e4a528da24f9445b5c67dbad18f219e60376bea54bdcb78db

      SHA512

      c87e89602d51fad9a1a72a4665ddbcc9f5e862661a920ecb25fa66a97c94c6f5a8a2a533d96a7969b2f23969a7775ec684a1f686221610bce28ac2e0ca5a2544

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fb6e9b3d533c8855ffe5fb48ba8a4d38

      SHA1

      dfdefcb356163aba1c9c208fcd42ec371c7560a6

      SHA256

      7904745af223756c7265bc623be9823c4cb1432cdd9c821ce5fe989ef548002f

      SHA512

      097352ccfccb1bd4240f759418be08ecab2918681029223419f840165e0516f3e6fce61f573f53389896e11395cec1273f5fd32ca66eded0bfb1412185d37cd7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8a91840b0518412a6a4181400abf1844

      SHA1

      464bd9505758ca5591c656a49b6c99ae5ded9033

      SHA256

      925545794a44135aa65e89dda40cf51e42357af23cf2dceae2c81897e507eda5

      SHA512

      379ed299d4f26a57f4ee6f8321eed45442a05c2c7b7edede166b81adae1bc5412717f30f6b13ff44e0fcc3a540db80eded77b722ab9dd98dc8d9c5525e29d11d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      eac677c7582868438e500c736917c28c

      SHA1

      cb0a4da3f6eaa9b7600c57e316d2be79600ac736

      SHA256

      241632f19cbda27f4ac3371b71a7b0cc58d09c898a0a454c910c9becfb16b477

      SHA512

      a72ce21c161361cc54ad13ea6d3d2ee9dfde344b395222846e97b4d22221f59eacdb321b4e6a28b9876ee8c6b1091355dd3e18df87717c2c51a9934b876708e3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      39a632a4ebb8762d96974cb1bb7772ce

      SHA1

      df9c7bea8bef1cd037b2cc0e55f1cb1e84c23dfb

      SHA256

      8c3fda20bf952d96ff197dc2316e3c07856acbeb420116fc212053c2993a492b

      SHA512

      412b14e86d0009dfff6d4b9bbeb3d8d5ad73febc77df9f92ffc78c68c0e81d4e747a18c41649a23456c7a1add5144958aa0e5f0120cd1798b474d0b9c0060f49

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      87c99c5a75daae8e42ec91a38e1e2959

      SHA1

      d14055f1b5adc0929b5593673243dcb905ecbb59

      SHA256

      02dc9896f6d2ffec55458634d1aad92faa3151b69e4f1d8d11c90494a8716d6d

      SHA512

      1e15d3d82f6e0e72264c21156c90c3ce883395dc83b9fbdef50bddb5bd0c09c0e4c7b1f25988260589f6450fde0ebc160e763dc637391b1db37c00ef65599f74

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2e72abd62b694893e83e8450fa00c968

      SHA1

      f2b6e42fd543aa9a6da4f3df846c41c239913bb0

      SHA256

      9c6e8a179aaacd3bf66196529fb511a849a675477f1b8251439ecd95181bb8f0

      SHA512

      fec7d11a23d55235fb9ec6ae97a6d9c599a80c9dc864ebca787c4e3ed81ba65de915dec9f19519c0944ec55e7e720b5b2f62f9f8ee54612e2955c5aca04a44aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      02a378423672772b5661f37bf7ab70ec

      SHA1

      6aee9d3b34c390fffa2f125b37a006e52e495c1e

      SHA256

      931d18e9e8ccdf67f435e0c91fabc6fd9d81c19a0850fc027b8a64e3f091de6d

      SHA512

      ad133976c9e31d48716fb8bde71a954a7c0063dc7231d0a8d446612b85bc3b2a28cb378b0b5c81ecda7ab6e8ad62435543714b7eb271112522fa79e3003e716e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6cc231bff6b56c4f91d13c725ef3e249

      SHA1

      4bb0af10edb38a41b72d657e751532832a997e93

      SHA256

      895be71d009288465d756bec0bb63fcf74d50a21b2c53ed29198ac7b1586de19

      SHA512

      0e81664f2afd23204df20d6a1dc195d99a66143256c4044191be4dac9f584c9f53bbffef24de7b396036c20b31f757ca995c6b8a2c6e1252f3cbc9438aba3c68

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      98d362866536d1af76c732937725b1f2

      SHA1

      78b8e234d68a72616af73cfd087cab95f01dcb4c

      SHA256

      b8e065c13e833e8e5fc5d369fdc5099e34c5b258532068967090af3608a064a3

      SHA512

      ec6f4402121e09f646c01a0d7466e76279cace93f219f0cd166b91a84823655406b79ec97c760dee6f7b0707390e2ec19d8ddb17c2af285e7b8a8cb668d07cf5

    • C:\Users\Admin\AppData\Local\Temp\Cab1D02.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Cab1DE1.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar1E15.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/884-490-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/884-492-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

    • memory/884-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2204-486-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2204-481-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2204-480-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB