Analysis

  • max time kernel
    136s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 01:01

General

  • Target

    8583ee04049246204e6b6bcc587e0e2c_JaffaCakes118.html

  • Size

    160KB

  • MD5

    8583ee04049246204e6b6bcc587e0e2c

  • SHA1

    7fbe4bd6202b9649e8db78792fbf203851cbfcec

  • SHA256

    e438e280bfa73e5e4ef320bf3634585ea61fc9081a3494972b2d23cc5d07534c

  • SHA512

    cf1c47238881ea24cd2d318b23d6439116b90747c2a2e47fc35421e7a8cfeb1799553ac7afb948a52bab48747b978e9d1b1ae3b0272a8af90bfac5da7c4c733c

  • SSDEEP

    3072:ilL6+QPwzyfkMY+BES09JXAnyrZalI+YQ:i5TWsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8583ee04049246204e6b6bcc587e0e2c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2292
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:628
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2800
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275476 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        PID:2748

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9acfa61a20d0fe65b05a50be894244a1

      SHA1

      6a6c87ffde2f6b849b196450d194f6e27b3d4a00

      SHA256

      ec8330161695f6c72cad32c87d97a8b9521cd389877c530580cbef50f61fc9f6

      SHA512

      e390bb5661b5d832146bbdbfa26a5ea6cd598167407b77833a02e40e0f24ecc54852c5370f5127de895bd7dd09dbd05466ccfa0b63be538304796b5ba97cbb72

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d2a2b27d34d873155a049a7c390c54d1

      SHA1

      dfadc4a85681f84ea97221d815089f4a4da947cd

      SHA256

      00a3b7100b645ea4d70f27deadb1ba4fe061d40dabbe1beb8f09486c1c2497de

      SHA512

      7cef5570d2571cc965fe698192dd866e3e1288d1484697652db3fed15351e6531c481f19509dc5eaa7b025da2ffee44d0735a03fa01383d00a035be98d14c037

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      705a3ccea79bf3a976327a05cf0b6449

      SHA1

      94982d6df186ee27ee156835c345a73432688a82

      SHA256

      cf12c345a6d09bbd90c918c074cc21c69a6a0b52937b5e5c8fbb0409c340f3ed

      SHA512

      f4ee01ae24e16a40d5f92228071135b3576d13c871da12ca1c3aa1e4c8a0e284aedf7aa2d1d9956ab5ee5b562f9e7ca300bc70d9d5aa6940bfac6ff91ae24bed

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      900fb3e539a867fe3cce0337a88f749f

      SHA1

      41a0b60a2dcd973b023f52b75b892fdd4f112b6f

      SHA256

      98fdcd67d9ce8bad8c713a08df097e751ecfd0ca1404d0f96ddfd85d7492a9a5

      SHA512

      80211a2d99727ba8041a0359991925af120c03a2337e1a86bb7663b0ca5851faa1fb12fe3c05fd0419e8f57eee38292fbbc7e65a20159f8c557e1d0cdc6f7045

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      85596411b03408dfe0c54c1c6bfbd901

      SHA1

      5afc158b1b86463ee2f6641a93d4dcfc99f61aa0

      SHA256

      cd8015434a867c6bd31bf7a41766a9829fb4cc0e22405be0cab94764120defbe

      SHA512

      24a16b51b38ffcc1ddc71f15c4aead70417f158141bbe50078446c8e59b403c9a700a65d082d0e54cb5215082526015e858b65329c4131e6c9a33278f21a7af2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      64e7f0776c6d44581cb4a5435d361aaf

      SHA1

      96314a78c70994aa9408beba690f5f3eaa7c2866

      SHA256

      4f690fe8920bc3341ed322526c3db12b42ea3ae0ded0623aea0d8313b25cadbc

      SHA512

      61c32a4796ec3ffb5de4dcc6e4570ba42a8c1e667388416f904959825d25a4e61d0b44e860a04e727f4923fb53169a073c18b435ad2bccad22095ccb47cce215

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d98d336af5053b83c7ed4f1fdd7bec23

      SHA1

      df1719f0008eda896d4b8cebe477f03efd97e58b

      SHA256

      537707198437c91f3fa046c7ff78138f8c633c5504e4ee5a89079195f740510e

      SHA512

      c8f01f8a440748e4fec4a788ad9f56f127f5af1d1c9c1f9e629e025624dfbeac2520ec6eaf983f54d3bb40b41a168d70517142d9f9e083037832116c1454dce1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2f492b8bcd59b79aba5706a550edea5b

      SHA1

      fc0e7d6fdd2c741baf6e0a2ae7d3529c3d4cda61

      SHA256

      0af62d29de4422cd9c9dc94bb121ab87670d6b340bad82357eabbac2064372f5

      SHA512

      be3a04f2013908937b365abc648cdcba1b1504b0af9cf703b69290781d76bf69d392e3254b2c6e78a0ac889f45d5b22bb400d83f8d1a4d9137140264977dbad0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4acd4e0e40a018062d3641d701c707be

      SHA1

      5b469d9fffdabcf69f0402c2e6a21130ee99b3f7

      SHA256

      c8f4d8eb416105b395493d996b1f0c6098c8312d686d5fcb756e9d8e268f0580

      SHA512

      381d429a5b9beec940f17989f98e2e5f47de214eb2788a7d2c23bca66a04a96cd1ee5e52b91e72dfb128e8c70139b6877dd33d3e01cb7cede72edbbe04ca09ce

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      afee624bc44210b29443b040e959836b

      SHA1

      ef5aca384e63e3ab26d5cdc15dc17b5c9da6d238

      SHA256

      780c1a97a71c6b0cc80508aed2080b9ff8914da8170a2b57ee3e610fb7f07e91

      SHA512

      0e0088fbd1648966254a42b3b529c2d5ff4f09490f6700d8232e8989680a93112ae6c920f859f09ce62fd40e5c9d30e20bda42ceaa7dc41785e8513156758523

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      62aa304c1f9180d5eec298faf32c8b64

      SHA1

      bbb6b9a42613744d746c1f8867952ff11b8a773e

      SHA256

      bcbc62aeb98c913927b5160b39dda7c5ec9b354d9ade32c9a471b2066c807389

      SHA512

      39a0aa9158b3a62502c391706eea5ac8bcd60e6e78d1b8e330a1f573ff03d195e3eee0a57ed6ae31aa50e5f7d8435c4f35f5e87b4f824314f5ef000c406c093d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      33b84f98fd9c2cbc93af308826ed8d1d

      SHA1

      652a4652652db216441f57a84a9b2e44b1914525

      SHA256

      2e84f5358f957e62d418fc5cb3b2972631b67a5c4756952dc06f796467e79ba4

      SHA512

      8889b421555fda086ba80e918302e0677501ffd4efd9ffcd6a81b13f91f502bdf27e801e62126e0ff404c1f1a00cd8d38e6dc9fc30c741233f736a0cd46e4034

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ce08b320fd49beed6b212a2b3a5874d8

      SHA1

      77169c9b1bf0f4cf647d50301448fefa1f3bac6c

      SHA256

      7d8aeaa870056a9cf3b558faba3de6731b61f5efe54c3e26f2e484f54268ca30

      SHA512

      8c319ec2a0ea9795ec8caa7714f74571355f1af0260494bb926d8d9b963d9524f714eddb49ed70f18356d15990e9660cb98dfc898126329404921fa12d742a76

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0516ebe40ac5fc6d1142ca3b29685deb

      SHA1

      72aa2901099c64fd1c2bc94e0b7b3c1549e8b8d5

      SHA256

      d902ba4ceac66e94544a5bf6071cc4efdfa4523ba9f6ba1354bfcac23af27aff

      SHA512

      90794a0921c261de2e30b60a8ee1551ba172643be60d3f831180924638b41725d60f1c917b9afdfb1a031bd1264d9db729c93f591a787588b88dbe2451ca6a8c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bc788bd469c37d82969b71ef4ede59fc

      SHA1

      35568d0e6a4ce2adb7a8ffd5cc013bc224ade398

      SHA256

      ffb647a7b07a99f1afa63ab0662dcc2d1b574d9cc874146bb3b743f41cf58483

      SHA512

      34eb1530f1063dfa9e5112f8e335cbed0a23a8cb043d8f9631252966086dedd444ffb5c8d33706df5c17822d30c06109515cf01b7d7d609e3ca26081cc219132

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      551c5bfe2b833c95e0a661465ce19684

      SHA1

      9288136974628bac7622756d73a9beeaeb2b804c

      SHA256

      b32a3825fde80fedbe80eb019342a4191154f26e069211b85717c5e84ce79db2

      SHA512

      a390c12375cbcbabfe026ed9b6d475192240963404bcb736ede153d7c8046a632f89ab74d03110494fbc0dc0a040a335afb0b5173186b465d96ec82af24cb5aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4fbf3b094b08f0481dc52f8ec4a1f647

      SHA1

      5f437f8580903ecd08a478de856989ab21044886

      SHA256

      169f3870a611416378b0a2ee5ed4c63e5adf6ec5e88def57eccb9be18939b95d

      SHA512

      657dadac64e974f62e686fd17c4da5de5fdc670cb0e967c45cfa2089091a0241d493a13458110ce1b271ba0ebfd592ca1764695ad74518e49fd0f926e259c61c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e1fe960332602e758c665e40d8480629

      SHA1

      39422ca2e09fbe4852d5968df4bcf02f053ef82d

      SHA256

      b2b3f33f6244d1008a2b837563a3f916154276660c4d935ff02a2cfe76f07b30

      SHA512

      c1a805928a8c8ecb96b24b2a9b87fbb97be13386403fd4d1ca1a3a9130e23ffedd8ee4c5f0418d4634b3a85efbb56003aedb697100d40aac49d6e85d2283afa8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      24ea0f8a7a53a63b8a2a314ddf9699fa

      SHA1

      06b3102acb4a5575b9e3b8d00a6351c8ce6a7b84

      SHA256

      38371790e6c2350ff1040adc926cb93e22033787e7ae5eed2db2176a44408f25

      SHA512

      4fe2f3c9a4a0deee8eca2bedb975cf43aa875a5129729f3f984f0f2db1a7ce16beee5a3fac0df715d3c3f3ee8c982c194eafe1a88df5f4e78759080dbd04eb12

    • C:\Users\Admin\AppData\Local\Temp\Cab144D.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar152F.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/628-492-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/628-490-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/628-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/628-494-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/628-495-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2292-482-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2292-483-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2292-480-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB