Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 01:34

General

  • Target

    859a50b6d1f24bb60b546c222e0b5122_JaffaCakes118.html

  • Size

    124KB

  • MD5

    859a50b6d1f24bb60b546c222e0b5122

  • SHA1

    f7fb1601571c7b9bc01011bf8149c9d5875b42e5

  • SHA256

    9ff8430843784ba6628548a8f544eb7f7166aa9beb0bfe7c6212f5bad70e86fe

  • SHA512

    da2fdc2275261c48b947bc279d45ef4da2eef70a2b631e5a21cf312568465c885848e8f310573d41180bfd6bd76675174a68e82668d464a5e747c57cd0bbef6a

  • SSDEEP

    1536:S+UGyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGC3:S+PyfkMY+BES09JXAnyrZalI+YN

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family combining file-infecting virus, worm and Trojan components. It infects EXE, DLL and HTML files; an infected HTML page carries script that writes an executable into the user's Temp directory and runs it, which is why opening this .html in Internet Explorer leads to a dropped svchost.exe and DesktopLayer.exe in the process tree below.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
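
Two of the signatures above ("UPX packed file" and the hashes listed for the dropped svchost.exe under Downloads) are the ones an analyst re-checks first on a retrieved sample. The following is an added example, not part of the sandbox report: a Python helper that compares a file's MD5/SHA1/SHA256 against the IoC hashes copied from this report and parses the PE section table to see whether the section names are the UPX0/UPX1 pair that stock UPX writes. The stub PE built by `build_stub_pe` is a constructed header-only image for offline testing, not the real dropped file; the IoC table holds only the svchost.exe hashes from the report.

```python
"""Verify a dropped artifact against the report's hashes and check for UPX
section names.  Added example, not from the sandbox report; build_stub_pe()
produces a constructed header-only PE for testing, not the real sample."""
import hashlib
import struct

# IoC hashes copied from the report's Downloads entry for svchost.exe
REPORT_IOCS = {
    "svchost.exe": {
        "md5": "ff5e1f27193ce51eec318714ef038bef",
        "sha1": "b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6",
        "sha256": "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320",
    },
}


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, lower-case hex, keyed by algorithm name."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def matches_ioc(data: bytes, name: str) -> bool:
    """True only if every algorithm the report lists for `name` agrees with `data`."""
    want = REPORT_IOCS.get(name, {})
    got = hashes(data)
    return bool(want) and all(got[a] == h for a, h in want.items())


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names; [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]      # FileHeader.NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # FileHeader.SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                  # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsections):
        off = table + i * 40                                          # sizeof(IMAGE_SECTION_HEADER)
        if off + 40 > len(data):
            break                                                     # truncated table: stop, don't crash
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1; modified builds often keep the prefix."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def build_stub_pe(section_names) -> bytes:
    """Constructed minimal PE32 (DOS stub, headers, section table only) for tests."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 0xE0                                                   # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")             # Magic = PE32
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + file_hdr + opt + sections


if __name__ == "__main__":
    sample = build_stub_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(sample))
    print("UPX-style:", looks_upx_packed(sample))
    print("matches report svchost.exe:", matches_ioc(sample, "svchost.exe"))
```

Run `matches_ioc(open(path, "rb").read(), "svchost.exe")` on the retrieved file; a mismatch on any one algorithm is treated as a mismatch, so a colliding MD5 alone cannot produce a false confirmation. The section-name test is a heuristic: a packer that renames its sections will pass it, so treat a negative result as "not stock UPX", not "not packed".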

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\859a50b6d1f24bb60b546c222e0b5122_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2684
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275465 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1940
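
The process tree above (an IEXPLORE.EXE content process -> svchost.exe in the user's Temp -> Program Files (x86)\Microsoft\DesktopLayer.exe -> a bare iexplore.exe with no URL argument) is the part of this report worth turning into a hunt. The following is an added example, not part of the sandbox report: a Python checker that runs four rules over process-creation events. The event layout (a dict with pid/ppid/image/cmdline) is an assumption standing in for Sysmon Event ID 1 or EDR telemetry; the sample events are constructed from the PIDs and command lines shown above, plus one benign System32 svchost.exe as a control.

```python
"""Hunt process-creation telemetry for the Ramnit execution chain in the report.
Added example, not part of the sandbox report.  Event layout (pid/ppid/image/
cmdline dicts) is an assumption standing in for Sysmon EID 1 / EDR records."""
import ntpath

# Directories in which Windows legitimately hosts svchost.exe (lower-case)
LEGIT_SVCHOST_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}

# User-writable locations a browser process should never launch an EXE from
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")

# Ramnit's dropper location, straight from the report's process tree
RAMNIT_DROP_PATH = "c:\\program files (x86)\\microsoft\\desktoplayer.exe"

BROWSER_IMAGES = {"iexplore.exe"}


def _norm(path: str) -> str:
    return path.lower().replace("/", "\\")


def analyze(events):
    """Return (pid, rule, detail) findings for a list of process-creation events."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        image = _norm(e["image"])
        name = ntpath.basename(image)
        parent = by_pid.get(e["ppid"])
        parent_name = ntpath.basename(_norm(parent["image"])) if parent else ""

        # Rule 1: svchost.exe anywhere other than System32/SysWOW64 (PID 2692 above)
        if name == "svchost.exe" and ntpath.dirname(image) not in LEGIT_SVCHOST_DIRS:
            findings.append((e["pid"], "svchost_outside_system32", image))

        # Rule 2: a browser process spawning an EXE from a user-writable directory
        if parent_name in BROWSER_IMAGES and any(d in image for d in USER_WRITABLE_DIRS):
            findings.append((e["pid"], "browser_spawned_temp_exe", f"{parent_name} -> {image}"))

        # Rule 3: the known Ramnit drop path (PID 2784 above)
        if image == RAMNIT_DROP_PATH:
            findings.append((e["pid"], "ramnit_desktoplayer", image))

        # Rule 4: iexplore.exe started by a non-browser with no arguments (PID 2684 above);
        # Ramnit launches a bare IE and writes into it (WriteProcessMemory in the report)
        if name == "iexplore.exe" and parent_name and parent_name not in BROWSER_IMAGES:
            args = e["cmdline"].split('"')[-1].strip()   # text after the quoted image path
            if not args:
                findings.append((e["pid"], "iexplore_spawned_by_non_browser",
                                 f"{parent_name} -> iexplore.exe"))
    return findings


# Constructed from the report's process tree; PID 800 is a benign control event
SAMPLE_EVENTS = [
    {"pid": 2548, "ppid": 1000, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                r'C:\Users\Admin\AppData\Local\Temp\859a50b6d1f24bb60b546c222e0b5122_JaffaCakes118.html'},
    {"pid": 2068, "ppid": 2548, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2'},
    {"pid": 2692, "ppid": 2068, "image": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'},
    {"pid": 2784, "ppid": 2692, "image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
     "cmdline": r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'},
    {"pid": 2684, "ppid": 2784, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe"'},
    {"pid": 800, "ppid": 500, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]


if __name__ == "__main__":
    for pid, rule, detail in analyze(SAMPLE_EVENTS):
        print(f"PID {pid}: {rule}: {detail}")
```

Rules 1 and 3 are path checks and survive a renamed HTML lure; rule 2 is the one that generalises beyond Ramnit, since a browser content process launching anything from %TEMP% is worth a ticket whatever the family. Rule 4 deliberately requires an empty argument list so that a legitimate `iexplore.exe <url>` launched from, say, explorer.exe does not fire.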

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      252B

      MD5

      c1a95ac1a90e7d714d06f3748871c1f9

      SHA1

      4e5b745d0986cb00e77ed64730f0b9eb47d1fe87

      SHA256

      0a9f0871d870b3fbe1effc86f67979980e41a2301b82a248059c3bfbe0b08619

      SHA512

      c89b3e1f340ceee80292c01be408e0b24f427b5b2d46d22c28c25a4dcb4fb8a53747482cca0912e7d60b7a0d600e946c9a00df2026ea05b0c5789f9beef47578

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7a5902efde30efef7a77c39280b84fa6

      SHA1

      21217ef260eb8d07d43b4fb766147b6c73c78467

      SHA256

      150a882260724bd3b0e5fad293f00024e59a5e10847f491cd46f8ceeceeb8dda

      SHA512

      cd3ac6687404ac115e8709fdcbed10c7a16fba9732abb80cd662a7bf714f13abc5eac9053784f6e90e11b488f1f8898958d3deea89335af55cbb6177b1978104

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3241c1ae3cf283975d4c90993970a460

      SHA1

      a20573f7f642dddf6cc6aa399b6baea817bea149

      SHA256

      3ec06128722ee28eb365678e3f92e519f5d6f5e7c1cc6355634c9d4f3e5d25ea

      SHA512

      07533ecb5f14da82385c2adc4e44b5ab3f6c57a7283652cd02591eaefc93057155e5d39f709eddc879e480d2175bcab5647965cf6aaf70af6a31e6fd2375c65c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cac6a51554c306cc505f50961de93267

      SHA1

      021a2c6a0f4a41e8226abdf423a5eee165b7a407

      SHA256

      5735d58b3506788dd87b3dc18d34ecf6d0ea9a9351e6e4f429a4d89334f67fcc

      SHA512

      a3e499f472619b25491e721c919796fcd1464f1ede3c99d3dfe071d1a20957d9cb76fdf65b8de40a2b0c1baabc8bccc0f6c621890dcea2c2d9f31969d47984fe

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a28beaf6ab7fd34b45c485fbedbc7c1a

      SHA1

      90f0a7eb222b67be763ac0eb659e21c2e81988d4

      SHA256

      340a81e0feb05fbf1c47e66c25e04c03eb593ca2d8d0c229b1e37dfcd4ce21f9

      SHA512

      58f6239ae31e981988bc71e8d286aff2047f2c38f6a219bc8d36c1381129c85bac9e82d4f802d2cf0da96469cb2d2a74a043af3535f6a5a57ab8e1e0cb0500b5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d478b0cd569cd17b494abe98966873da

      SHA1

      4a9bb4740797e73a0b3c657de0466e50953ebcf5

      SHA256

      90205a5bf350a2873353837c9756c908c80029029e18f144d2c043e274bdf98f

      SHA512

      50e197a206f7ea741596d21571a17ca1828a8918fb57902381e15aae332f952052957d97dfa52c8233553f5f5a79fec6e8d6c008d575f6bc28d30bfc491077c8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e334869d13439e4f235556b1066b6188

      SHA1

      4b4d7b078c768d10138696accd783035d42b5a54

      SHA256

      a0e825bc93e51f97b0ad9d364dba1af45e2ff56d9b836515be0346ace9815956

      SHA512

      93311f6afe034751e72da9ae244cd6a993085357a7289694f97b1812e3d688d82844230aeecf31203ebd0de50a82e3b5d6ec5d4b451e89f4dd01cd61dd19e96e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      09b987a49fafa62ea50c0e9935712d87

      SHA1

      c7275dfa93cc088cda6488405dbc6cd8621c5d91

      SHA256

      bd5b583533ec30b6c9d8e39297617e8479b40a070917a846472cf7e1e4017b14

      SHA512

      76db082c5d081e6761144a09f9d915dc45804be46d283cc7074db1361bb52eace22baf8566ad9f60f7c51618bcfa6e2c3bf18dd32a7fc0c19fe6fa70b2c97a11

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7e467bcc9aa987524948bea94efc5f9d

      SHA1

      9a358c8288c9f4405aa23e617c07640a1ceb54c5

      SHA256

      f309a8cc750a6155dd781e3e945f60a60548682a124d2114b2599de72dcaf91d

      SHA512

      b8893d53b8a89dff604aab55011ede504bf84e703339bd5c14bbd256c0bf40facf1a4ca4ffe667c8fc1c27b229c85a86152c3cf1ede0972156cb005bf6bf4208

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a07ce3bcdd40671825083de78c20053a

      SHA1

      039b4fa7e0a4858f20bd56f337e1374412b35114

      SHA256

      946ee8de4f2326c7912a2c410f5752af382d7a7216a1e053a78fbac5d1749ccb

      SHA512

      cb8319fc15020bf6d5b46de42250455ee6ea81c1ba570adcde1dc9648a05a1a53835d6fc2d2bdf6dc6f91b676b10a3fefb0579e94ae183210042771ad6795087

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      05c96bec9281da7a0621d28dd3e7e4ea

      SHA1

      3cf6c01f63bffbd3a40603a57695978b155d1bc6

      SHA256

      b19216ba6128b9bde48dc6a0f5237a9bed0c31dce80fc877434f40960899b783

      SHA512

      c1dc77996cf1b4765abbfda3c59bfd8fb76c7d779620c212e6dfc9d7ab958f1219a812b6168611b270da63c3ee8a9d30133a6cd9d90ea28e9a09e820b248808c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      30f2f6b334da66412c301683e021b194

      SHA1

      25a0b696d49110f426bea4a98f438e438fef5bb3

      SHA256

      ad8be5f55034be015ae2ed2b37819c378f6090f1fafa618fd6aaed18501ddb3f

      SHA512

      f51ee0d05df1e3af27063fffb455f336bc3121e0344ea4e36ae2e35f01ef983215284a00022c8a1fa4239c9ff19390bd6020d7c9877ac533a9dd7df0a207b179

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7184efe3019b033563c46cd78bf29dfd

      SHA1

      6c209542bf7f010f0e3a2894c7bb8d5060305f27

      SHA256

      f341d77e6482fab5a28ca26ad2bb64a16252cf13adb79d44330e11b1b84f17d4

      SHA512

      a195db7d871b7a29de16354922ffdc7fa855c285804a41a580c7c244b911a1a59e83f7117e71e626fc026be938712964e7fb1a2d6ccb858b6b0fd2f191983e62

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      04b04fb98bf1fa0d9c611c1594db3f29

      SHA1

      deea7ff1062b04d1688980c05ac7b8eef52a8137

      SHA256

      b39d77671a56346f05181e18fbc4e1f8ec48928f571fa7865947846e9d615821

      SHA512

      1a8be754ccd33abc433d12efb5e56b641564f6f53aca655bcfd11db07378aac8e38de3656e7c910b984e3dd0cd2da383edb8d7ac8594da65555a25ff45efb90a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d3a04ee6cc5d8480f997acfca8a5995a

      SHA1

      686de69142b58c514ad0cad95adec9392240dc64

      SHA256

      f619c40356d3d4e77c53ca8afeae01ceaa49a29f077af80864368c1a79ac95fc

      SHA512

      d33ebef219f30b9bc465e2dc6cbc2ea831bc04cd74bbdf9e31a137a7595409d6602534e28be2270a356c7c59be0a1ecf38dc566e82fc44d2fb5a597666e4159f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f2275d26c58ebdb1b76c434efc2abed0

      SHA1

      621af74805051502bb782258b5515213e3a865da

      SHA256

      c48a058e085f51ac97488492af107eb068956bc20c5e019dc790a5b32bebfe18

      SHA512

      e0589fb19b671adc94d38de0db3e77d1ab93b18cdd7c683f0fa3b5cb7facfe6605f3794a1cfe518e0a3a93641d0e0ec0eae3c10f88f4ea140a31521ab54309a0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      741fa8181e5beb8d7accf320142ea6c8

      SHA1

      b8c28f23ab71052747eafc17c7c862bde4e99070

      SHA256

      ca96b5affc1462e82c7e09dc47e57e78d1a0c645aed67b0a86f50ab23f1de9af

      SHA512

      ba83513a61d271c62fc5f530867d33d2b00e04636f602fc0ee98c44ed5eb6410167e912d14b65d0e11dfeccfc47de3829c0249f44d34bdb8952debdfd987e89b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2e7011cdba8b4ca5e551924869e9b3be

      SHA1

      88126aa037c8cdafc5505dbd3b4ca09c34c21a68

      SHA256

      4b4786630f0bcadf8533c93e5b876f0c9b8ae1c68292c59c92bfbc70cdf8052f

      SHA512

      36a29e5b0261ddf0860360fa0bd8a06696cdd2b418e13a9d11a9fc4f278594de4dbc6a00c93d6b640ebf3b50b637cdb53a4efdc8b29f709509b6d614ff8723d1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      95678ccbc243bc1ec5d7909580235031

      SHA1

      1088a94f75db754c80b3e90874ee750dfbc04d00

      SHA256

      dd371f8e85acdfbadd1a895f1928479ca4761b64d38309e04b05a2ec1b87107e

      SHA512

      94fd09af7ca9f1ca92151eb7adc47a3f6801679af212d9098b35a84bd9f366847ae388fbd5037fd2a52dff408037681f2587e48f6540b4550170309cd51a1a5f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      abbd986be39c45974c7f007a09c6e726

      SHA1

      42e9bdbbf3f9613f6a890da205cf6e6ed938a4fa

      SHA256

      bad44b294b95e52ea290dc6e409d2fad59aa0db793564cccbcf1948104b74ab7

      SHA512

      fe1080057c60cf8acaf58a794ea8b4ba3b2c161fc1767e813ce95a6e6cff4aac80ed7cb5d7ad1d06bf27345478b1a79b5f46954018a5fc16bbfdb48b8c077d61

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      242B

      MD5

      e6683358fa2eebe1877db02c56c2af85

      SHA1

      0998c8440d5f11838a9c884773475ff47899e4c0

      SHA256

      e7174fcba24b403a08363a50e3a8b311c2e0109807d82dc608cde3d4af6752ae

      SHA512

      0a413e2372c16014277949ce85e55c59f178b88cd4e4e93b0f9156ca2038c2179bac8a363514f6ac843e1e495d9e15cfa1b68fcaaa40e31dc82bbc7474f7a930

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\231SAZOC\favicon[2].ico

      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    • C:\Users\Admin\AppData\Local\Temp\Tar3450.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2692-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2692-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2692-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2784-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2784-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2784-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2784-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB