Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 03:04

General

  • Target

    85cd9f5023142b5edbeea0158c2a9fe3_JaffaCakes118.html

  • Size

    207KB

  • MD5

    85cd9f5023142b5edbeea0158c2a9fe3

  • SHA1

    5cc50f80ee47b2f523602298e6e837992aed7734

  • SHA256

    85e102eaeb3eb3dc8807c31e76325b817ebeb1b9d36c20182cdf61baafc507e6

  • SHA512

    8413b745ed5f542041d5350c49442c417b31107ba220b59fe5a3bc9ca459418b35e21188256b08a5cd66d5dbbadaf5740ba8b48be7b548fcb100f5876511d8cd

  • SSDEEP

    6144:ijsMYod+X3oI+Yk9TSTQ+u1+/YVSqyMwVE9AmO0fAHm/guky2P:C5d+X3S9TSTQ+u1+/YVSqyMwVE9AmO0o

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85cd9f5023142b5edbeea0158c2a9fe3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2856
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2344
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2312
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275475 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1448

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      252B

      MD5

      09b74fb9e1d6944ac53190053af21a50

      SHA1

      ece35c37670d8483c7d9a981411549c0250dea9f

      SHA256

      4666d126563ef273733594da8f3a0e28afff0980adc9aa6162a06bf541b5d6b6

      SHA512

      4ccc77843fe6bc6f4ad5aac8a8981864470a9a3cdd11e7eac7b5e4e7399c1ad531aaa283265334b7688ca1b4a50a31d1d9f84bf75a02ce21ef7bc30258d08bbe

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      92c90a272eaad99de60b0ef9cecff0e2

      SHA1

      15f0d42815b40e2db98ce93dc49bf606f9351fa8

      SHA256

      b17194e0af585a2182c98a99bca08f52226c811d3cfc51b87567ec554f821f3a

      SHA512

      caf7d0c79836065b5f858773a014e448ef9888bc1aa17ee6c333d2f9f5bf6c982d15c4cf89b3cbaaa8b44f95c5557811976ce8801dd698cc5010d3000ae95882

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9cab4b90b2a1bab8b7e49e1c44a6ca70

      SHA1

      8ae2b20e073f9f6016f35fd901a4421a1a027a4e

      SHA256

      4cc3c3a295b4ef0032b4f9102cb6867bd02e9011b1847632356dccf83b160418

      SHA512

      5fd106494ef56d607ccd99f240f889973716d97e1ec2020cab29f987cfdeee2851e4379522413f56b1e225d6fd58e674468b4e79b78bc0dc4d952ab468ccfa3d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f159c3e7f0333403230a9630baba98d8

      SHA1

      dd6c93176e1155a399a6da2ec615ce4b148798b5

      SHA256

      b4b646434d246f47e9cf14a5892e0165e442b6e625bd31b819621ff546a4882f

      SHA512

      f9fe15b1f946915244f0f175a8db91cf01ecfdd6132079c45e9f51390a65f6b80340498467f6476030ad335c164c093d28b9b15be4d7becf3874bf2035516877

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c79ed204a602f1f3d15a64e1599a0dd3

      SHA1

      a84f501aa4ea9a7436f7ba225c43e128c4a77705

      SHA256

      6521ff8a34d11d0d87fb566baca548c8207162d4f4ee8f0769c31f75ee1a152d

      SHA512

      286ef6a967a90a87db15f418929acff09430bbd4ddd529db00467c970f5b971d791cd04f7cd25456f862150b131fe58c296bee5940a5eea6131057737f578352

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5f4259fc1711b5d632fa82dd85d04ac5

      SHA1

      b37dc220d6670edd14e83a53aeccf35a2e4b00e5

      SHA256

      5eae62fdddbfc1836458a2a6d33994e5f58af1087c4034aa78c007d15f04b53b

      SHA512

      5f5249398b8afe50af3bc44e9fae3705da4021694875ae989484a8c3a5eb9575f3afbabb017342cd5977499ed02d779c13c6fe8928a287c5e69b665905a4c4f7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      65ef4512712fd4dde1c18a50b1721fb1

      SHA1

      898373402df0013bcfcfd026d410f00b878f4b0f

      SHA256

      d2620df5dcc7f34a73fb91edd496c6498fb8354313c6585a96e5933668493f33

      SHA512

      0589af074ea67a092855dc0628c6998bc68d86aa9f4bdd5063ddd94b510bf4d299ab6c511c9d41fe6f08c7ba7cdd9a68de7c1406763da17e532dfb4fd5bcd921

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      76189705cca6cda9316b2bac53e48fb3

      SHA1

      ada86dd6f21f2415e4ff25556449c8e3b5ea48b5

      SHA256

      9647e64f1d28197347d8135d38cb51c7b7e5a582401f872d934f0a0c964fa305

      SHA512

      3ea96671a3b6c7f7ff756e78f888ff725ee890f996249c50fdda77d6fedf49dfaddbdd884e62a21be4685c25372a43869470adaac6c99ff25c1d5b400bedd6a6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      698cdb345207da2be088f299373b577f

      SHA1

      a76568630d6c3defe5f756465951c463e2b9e09b

      SHA256

      1269dc9acf4f201aebdbded4a02f909a8f02daa65b5e85208477d9c4a90574cd

      SHA512

      54af33058d5577ca3ee118e7f874c5a6d8e42528e3d5c2b40673c6d061ea30060e8bb934243b1bc0423c8255868df62653d8c016c8ca7a280cf1fb7ac2441f48

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      10c4dc8b38fce05f6903315be4c86105

      SHA1

      f121668028348f1383ac7ffab8edc921e2041644

      SHA256

      9877f083c30003b24ebfffb00ce32e1c5f0030a198abe96a1c467dde6b45f33c

      SHA512

      2bbd00aab62b2845550ff8a2977a1cd07fbb3570e5f3e187e198415a9d4911a1fdb5e33c0fef400d8e8f0a2801e773ffb94134f8dc4d65cc315632549589ae6e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      3d886129ac7510a7f7a5238d83bccd57

      SHA1

      60be1f5cbb3535b4d67ed0afb5fdf0464ca26684

      SHA256

      43e8ec9531c6feef322135c07698f9f8bab3c562841148f6f5dbb88173941b1a

      SHA512

      213f1a6d57f64299ab3ada8c2a49a74c9c6587a78861614441b60116f7a9a5de8055624323bd220c5489d2be6f44bd72330bf984cb62caf8741eef810baaca5e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      242B

      MD5

      ab978149e79c895e863cf52c7eeae260

      SHA1

      d87d52a222764deeea5e1360a82f7b32beaf2165

      SHA256

      df0c79ef7924ea5ec0471fab39b5970070a065e45e28ba7f03d8b07b80037816

      SHA512

      6884e316fb816674da328852f035f7477aa3f6e12a0de0e4f62bac220bfa79eb251a9022567c156c26519e61c90946ba4a50026f7b89ec28585789556d3b0124

    • C:\Users\Admin\AppData\Local\Temp\Cab992.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\CabB0C.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar995.tmp

      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    • C:\Users\Admin\AppData\Local\Temp\TarB21.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2344-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2344-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2344-18-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

    • memory/2856-10-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2856-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB