Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 01:57

General

  • Target

    85a9bed03d6bc7f5d8a4d86bdab548af_JaffaCakes118.html

  • Size

    120KB

  • MD5

    85a9bed03d6bc7f5d8a4d86bdab548af

  • SHA1

    dcb1c8e81e4f716e9c475762cb613b297ae06b68

  • SHA256

    1401fa056bfcf52adffee772b5bd9f4c2033b2e16de961723bc4adfb768f90a9

  • SHA512

    0351f3bbd2786455dabd05c3cca76e14180a8b683ecb97cf214472c918aabad5e4f3e18853ef91ad11ae8c1d64045c22269822cb3c912f4f26d61e3236bc147b

  • SSDEEP

    1536:SmjTv74qraoyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBk:SCyfkMY+BES09JXAnyrZalI+YE

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85a9bed03d6bc7f5d8a4d86bdab548af_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2536
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3032
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1072
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:209936 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2840

    Network

    MITRE ATT&CK Enterprise v15


    Downloads
