Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 02:51

General

  • Target

    85c838c4537adde92b8b15a44fc01bef_JaffaCakes118.html

  • Size

    158KB

  • MD5

    85c838c4537adde92b8b15a44fc01bef

  • SHA1

    c1ea843b853426b32d9b77586f3eb6a2fd61822b

  • SHA256

    a5026f7f877025d43e7b8089b779f1aa2ee564a42796ed8fa5d3db125ad66c6d

  • SHA512

    be5726f3b037a6feaa3f72c74e5fa2387270ff909d9af4b32d2da044ecaade2d9848f9521e7865e7c870ed0246cb7c4965b99bc23054698e804de30a49d2680f

  • SSDEEP

    1536:iGRTA6bmeZs5eAhyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:isDyhyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file infectors (viruses), worms and Trojans; in this run the dropped svchost.exe and DesktopLayer.exe in Program Files (x86)\Microsoft are the visible indicators.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build (matched on the packer's section names and headers).

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
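The "UPX packed file" signature above fires on the section names the stock UPX packer writes (UPX0/UPX1/UPX2). The following is an added example, not code from the sandbox or the report, that walks a PE section table in pure Python and applies the same check; `build_minimal_pe` only constructs header-only test images, and the function and constant names are this example's own.

```python
"""Detect UPX-style section names by walking a PE image's section table.

Added example (not part of the sandbox report). The check mirrors the idea
behind a "UPX packed file" signature: stock UPX names its sections
UPX0/UPX1/UPX2. A build with renamed sections evades it, so a hit is a hint
to unpack and look further, and a miss proves nothing.
"""
import struct

# Section names written by stock UPX and common lightly modified builds.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1", b".UPX2"}


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image held in memory.

    Raises ValueError when the bytes are not a well-formed PE header.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    coff = e_lfanew + 4
    num_sections, opt_size = struct.unpack_from("<H12xH", data, coff + 2)
    section_table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = section_table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        raw_name = data[off:off + 8]  # 8-byte, NUL-padded name
        names.append(raw_name.rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section carries a UPX-style name."""
    return any(n.encode("latin-1") in UPX_SECTION_NAMES for n in pe_section_names(data))


def build_minimal_pe(section_names: list[str]) -> bytes:
    """Construct a header-only PE32 image with the given section names.

    Constructed test input for this example: no code, no imports, no data;
    just enough header for pe_section_names() to walk. Not executable.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(
        name.encode("latin-1").ljust(8, b"\0") + b"\0" * 32 for name in section_names
    )
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    for names in ([".text", ".rdata", ".data"], ["UPX0", "UPX1", ".rsrc"]):
        img = build_minimal_pe(names)
        print(names, "->", "UPX-style" if looks_upx_packed(img) else "no UPX section names")
```

To run it over a real dropped file, pass `open(path, "rb").read()` to `looks_upx_packed`; the parser deliberately raises on truncated or non-PE input rather than returning a false negative.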

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85c838c4537adde92b8b15a44fc01bef_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2116
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1592
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:209944 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1692

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ff5dc2266a270cce66a8a58218796c2a

      SHA1

      944cfef8f1e80185596bf4cc8d5cf21a11fcaca5

      SHA256

      acaa86fbd5ade07816f836e1972c5b5d971320e52c7c15b4f60b4289b1a21fec

      SHA512

      bb6a8149c6f0f824c149cb6307d3581855b0e01def75951fcc7078cf73608a7022f9dd22758ecef4de7f280ce2bd5e5dfd538c0f55a8a7e994fafc6c4d22f7c2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0c3a7e777949b7dbe2f6aae2c474316b

      SHA1

      cf096cd85943d233f4751acefee4d137120f437e

      SHA256

      c57f24dbd718e3168aa3c8a5660f1a7d0ed12fcdff053eef7b0954c011303c2a

      SHA512

      bcd1729074eaee85f7b1623cd210e22efb399640a3f3ad27fa5bdafa07a0ad784eb6506540863d12ac15e51cb51e75f18a2571a506760480cc2e223cf854a3b5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a82a5333fda269e0c1257d22a4a5773b

      SHA1

      907c6829797ce4ca39a13196bc29e0633c1f6b0d

      SHA256

      fb90c2abd926ccbffd7cfffe65811a3eb7d6b3ac7fb7cc84dd1877f5dd8e5719

      SHA512

      90afd10afe1a62368a42c752375cffe96b9009a67c28ead32dacd4d2be40ec9fcebc3ea5346f464e432e291f282ae957d6282b98bddabc49874e158f34040762

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      51da61dcd1e39a8ee9543a11a98a7985

      SHA1

      3cbccef0286f935d8259e9ac0a23a9b18c2aa98f

      SHA256

      c454aad4e6ac052f78b43f815348ab52318ac7bc32ff8625f5c0f8b769115327

      SHA512

      da8b02427a520c812813a6b8503e01aadcf5afa8ed389791c8162487644480e620338f0d76aef350c94f35fb2740cbde48efaff19015279c6fb34cd3121cfbc3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4040784005cfd5790fb6323fbbe47435

      SHA1

      f12b5a284ea833a116f5e932d04a9e331a0926a3

      SHA256

      0114c15d3b481bb6d210777c3cc6fcbb97b31d7a021bee503f90f465ca926c6f

      SHA512

      cddd3fcd6d26dc2896ead3e8976c47889fb1c2daa4f788837562eff98c57f049f4c73d13df96f06c845c5abaeafe416993fd9819060a02d3085059a0aba141c7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      33931d37979821130342c7cc89225e75

      SHA1

      7898b51d22373da90de81b0a351ad6c3a2bf96ca

      SHA256

      988fce922a9b0a3df5bab3ff74df327e8e7ce90075957932b850ad9a795e8446

      SHA512

      013631a83beed07dc3b25080e67cfe56963cc6705ecbdfe9091602f01389f924448becf4c6f26b2548fcf3e761439f5f77d0b3105ed4372d561f8b10d39fb7b2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d84e25a369c9ca523d94d4cb12177e05

      SHA1

      dc30a07a148351070cc47d329ea1bddc4dbbf83a

      SHA256

      2e0908879bd84fc3f8842081c58b52d4bbb3a50a8b13e2192ee2b4d9d71aeeba

      SHA512

      8d3048373d8ceb15d4e4a734a4db6565e80c97acc57acaefafbfcfff452502bd552ce42d2e16980f40a4b4e22233649a0c83270916da2d0704fc82b4a91572b0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      677e8df4257bc678bfa065ebe718664d

      SHA1

      d195c8ab6a4b16ecc9cfe2918f85906629c37459

      SHA256

      588e5b2b2a3b302fbc940e5c997df436b539c86ccea8688a9face7734cc8256a

      SHA512

      6ea3cc8e56344e623e2eeeaf6c5d4dca72dd3ca59e0afb48fa4aa3dd34fafdb289618db36483b334d8cadbf0777489694d23730b9ea5e37ddc08b71cb9706713

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f90b674a371462a2d195cfa87d65b6ee

      SHA1

      3aa2adee6e6782224b8c631adf354a2339ba854a

      SHA256

      fd0719fcc8d108b52cd00d7025296aa6e4ce2e1f07f2fe2515e7073caab1ac73

      SHA512

      58c12bbe1210040946c9047f73720e7ad3de1e269149cacbe74f79120dd390a2fd7c93a6757e08edc355f02935d85fba97e180e229a31bfac778dae06be5cc1d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      079b4bca89cb8dddab654b064a67cbba

      SHA1

      4477ff6d94bf7b55a6e14d78af5c6c9a65397e9e

      SHA256

      9703101d62f42ce2d3a67e42f092d64e5a96a49437b23d26deb993267f5a656d

      SHA512

      286e4f917249e8138b1feb8644aedc289e49f9c2e31f5a0894728d50aacd3c41eb58957748a68a1fcb7d349357548be6bd86ba99433744343960b5501ab631a6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9e9a0fd1f4254ece518d19901b79e5e7

      SHA1

      583f99381d08e9104532ebd90fa68b4fd52641f2

      SHA256

      52825fb5ed18ee610607f05ee081c9828e1c93b548a68fe36324451e319151ac

      SHA512

      09051692a95850053afdec258835690aa0b4a1f5553f061f93321f83b8b97ee1520eb27cb29e9f31086ca2bee584b4e48dcfb30b75ff0a476370dba1770d697b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d2275d4e2396c21c59a2dd424e4973db

      SHA1

      cdae68c0179507fc65ea21863794a4b28dd3bdd4

      SHA256

      92d267cebe12fe2eefeaa87d52c79de6418126b3b6915d4f6fc924a99875ae5b

      SHA512

      dded22553cb770bc556bda5aeb04f5bf282e8fe808b30ae89dd1702343c0667392a5b7b08fa29193f06d01764a4e5eb22a206532456f417c8f559895d18dded6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      48756dbfbc6216cc16a0e714e6597489

      SHA1

      e897c5187f00ff7e9fa34bc4d29e6163ac667ab9

      SHA256

      4dc80d676b485ab5aaf07fd855f040b33303766de522b7726dd20eeaf5fb1740

      SHA512

      2cb97d45a0e20909eddfbf1ba1d70f32353116d4812779817ac8c8197966568ed04d9166e944bae0e373d10a1e2fb0358733a3594f5b3ec8068598af3f578d69

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      908ca54d4867f4b2abe4e34c41017098

      SHA1

      a8789f67e59331fc5f790d889152823cc557539c

      SHA256

      a257647bb5e805eb0721aa718428c8940208aceadc1d36c2e7612109fb4d8be7

      SHA512

      8121f569cd8711aad7c322233cd65b3e67651b8d25fcd1b624caeebe0a89f87bdbaedbfb9b4c682bc6ea24eb67d2d8fb9598c4b533df8d417608c4201c1970fb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1e96491e93006aa43e85c5c1ae97b590

      SHA1

      c9ce45cd99c67b24b8065a53bbdd0a0ca79207db

      SHA256

      2eca08aa5fc6ef47d894c266c2e57e5d77c1542f669e9b6f4cd4c489895b3834

      SHA512

      162c173a9b8cb2e8fe79eaed17162e0d483720a024142150b5f3a5e9208e4d0cecbe050bcedfa24f41b09df15e77033d48ca94300230e8e04f1b4f5d6212bec3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6f43f5d7e277f263655a1469876df616

      SHA1

      a7bc6970225a1d54afd9b42ce264b2906e912228

      SHA256

      62eb4a771d09e16c93b14d6f2799d97fee6f34a9e73412992cbf1a2f1172b3fb

      SHA512

      3f3ba6d14ab3df1f5327669be523abf0976615d8840a9abb149b499085782379f262f2bad14c2ffc11dc449bd86e22fabc3b11f0e62c89f6bfd4dcac43ef7645

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      97aa401daa02203bb6954231ef9c8d75

      SHA1

      f141103998a99e62c4a65d7ceaf8336c1af049d7

      SHA256

      bc82519689ef3c17564636d4e6fa8d0bc71ff673a132c1e4a352ed0c0b7e2848

      SHA512

      bb716b17fdfde2cbb1f9a7838c8a423de93b933603c92eb302feb880951920f95957480b378c1ab7e227a172ed9eb326d0665b95414858ba55bd686fc7aafa4e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bbf6c4654514939e76d2c10956d59fa2

      SHA1

      8000016f6e70d141a7de03538b5a7e53afa7a35e

      SHA256

      5afd751194b98c49a48c46977a3d7afda759bfe5f7b6342640f71497cf1340fc

      SHA512

      786d4f746dcd98ee3c42459de3e7549fef2d529bb9e2488e91fb6a421f3b520537050954c194bdac6cdb6fbd7d7c8f457314e0911de185b53f94ec5a287d7d0c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      60c69dde03aaeefadc0a004cd1b82b41

      SHA1

      b8ec879d764636952102beda436e5d7b62d203b9

      SHA256

      50e60fd4c0e62dbb4f673bb4ffe12bcd0f6489f6c47e37ef34384455cbbec51f

      SHA512

      0a32115966b9be787780009b156ef18e776bab7e11b4922038223ea470fce44a603687e48dca5c829c18a6c6f1098dfc70eda75545b1f359dd3db9b83abdcf88

    • C:\Users\Admin\AppData\Local\Temp\Cab32A6.tmp

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\Tar332A.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1592-491-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

    • memory/1592-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1592-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2116-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2116-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB