Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 03:22

General

  • Target

    85d8bea10c55411a91f659746c145c66_JaffaCakes118.html

  • Size

    160KB

  • MD5

    85d8bea10c55411a91f659746c145c66

  • SHA1

    803ef84c4ea0c0eb782ff70bcac97c126f18d99e

  • SHA256

    ad8655457b0e565d43b4b9af5afe43dcd0a11a0d4731790873ca36c30f68b937

  • SHA512

    fb6c39b70d0eecab40af111aac4515390a88b189851a6582b85eede715cc4bef36a524f3f9ba0d4bca8caf1dc6b6c16a76cc903e62cc727e04a0492fcec56af1

  • SSDEEP

    3072:iybMT1lr4fyfkMY+BES09JXAnyrZalI+YQ:iSqsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85d8bea10c55411a91f659746c145c66_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1724
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:312
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:3004
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:406544 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1744

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6d150866211d3a128116f94d40e5c518

      SHA1

      b9768e496ec1d1224a10a05178ecd41375f10c6c

      SHA256

      721ce10ee49c1660d09b9854e46066c3a34c589fe49893457296b0e80d3e4929

      SHA512

      f751609833d543d2645316cb59353040da70f034df905443299c8c9d43c47f033516e1a4b4e663b2451b2fbaf044d4aa0adf351a082afcda6bc0796369f6663f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9d01d79adb1a4065cc5ce643abac729b

      SHA1

      792714b42b2fd89bc7745729a62e4488eeae9682

      SHA256

      6f152ec3b3f455c413b38a6c642d7d22c3f6fdb04290fe255246cd86304634f7

      SHA512

      a934672aea697a7934cd7a9b112d25f049125cb675532530cb88d276ca948fd03b9eb28972fe8ef5d07fa123ec9d4a6312ac9c948c88f1ba40191763d1daeb6c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      deae2f95957be7bc841b4d26ca1fe604

      SHA1

      1267d2fbb0209ef7de1b1861d41041d99bb478f8

      SHA256

      b93d448b59bdc16fe55f94d84d08d1ed7e27e7cda24d4304c5a066f67c37ef83

      SHA512

      d15bc63832998da422005d44524676a26b495900812174a590db0f0cfb86af886804449d89222b0d675b50c94877de38ecf8446b81947a69fc4b5a4d7f24fa81

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      89dbcdfd7c061df4d3f4a50fc81f85d3

      SHA1

      7ea26249a504fbefaba9654bfc4b90a4f281a4a4

      SHA256

      4d824c992f9526ae3bf40109f9dfa32c308e152ee3d08d4f09399e7dde7f4b58

      SHA512

      848af01bf441b4a41a8d1b401855d5c676bd64b63c25d880cc770ccd94eb925e85d03e1075c15960cb22646084c3a78b795d6c4ca3a0e8824da4b6c059a73fd7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b2a6491c3112879ff481b0b402ff36a3

      SHA1

      2f306a786a62a0fd9c286f9b7181394882eadd4a

      SHA256

      c79fd2379ea157862690ddc8920687ce35d886e6a3bb2423e4e9f97a39cd8e35

      SHA512

      421db31eeaa6b08d3453042d40cc5f9c378ee7ebe251cc7fe87cd6c03052b2b292bb643f34cc93527a7b8aa608d0d904e1787f642433dea4e1a1b998193b5c6f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      700089d9aa0b222de67cc54c87d77407

      SHA1

      5009c49406a18669b4ce7c95418f1eac15f87a80

      SHA256

      38123db449f59f9d63110fb8722c0c6fcd1135f884f1766a3d16a72e86a9b34d

      SHA512

      b88055e6dfcb7d89abaef1ba6c012069ce1285f7db6edd3dc7e0b3134c1bc1479e3fb5d71b04872e1f366836c5e1132feae3f24c6f0073e8c27764349663cf17

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      37af660679fc80a1b6cf042d8c9c144e

      SHA1

      e6d6c924ba54ffaeed6481a6695a96f58c8100b9

      SHA256

      1ea16918f307775c6ad13731c47b4df7314d6004000bac51451a2c8db0be024a

      SHA512

      b850c8bb95ac1ee173b8224af08148f2880f48befe5c8e57f37e3f3adc5785b8daac851e7301766080be629308d649c2dd50066e8b22157d859af7516ab119c3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0455dd8f41494c9deb0a5fb78d4ec152

      SHA1

      d14e3de0ec3af0e294dbf40d8f6dff27c5c071d1

      SHA256

      7bb9ed3da2d17928631d04782fcbb2150e27a3cafd38536f9df0ae20f8497cdf

      SHA512

      e3454a354b6ec2d99c82e0c558d010589d926b92d376be61a1bc1a157fc24831703d9e61614585c7163f017d9c828aa23d28b62996a1d4528f1befc3fe421d1a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      50849fb15ef5e1bae1db0b2c66e384ba

      SHA1

      2aeefd8bc8dd7cef4ccad1752261dcbfcfe3f7df

      SHA256

      a653a70547b2f9f90e258c53132b1be05521bd019cd91310e9f70e6c2d32c446

      SHA512

      b3705c1d896e85b49129b428654994e9c9e7cf425dfc256157a563868a81b5b5ff9469268644b66dd743ea0314b9e3c6c6228dbb1266a3dd91d950f5e14fc948

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e0f1f404e299fc89b1ba2d6327a08f4b

      SHA1

      28bfc30b2f99a664d3ab1ae1fd2e3b79431b7c37

      SHA256

      554a1295ea19101a395f135c0dd1754e03434c077faf6dd9dfe30fa6cb7ea7f5

      SHA512

      dcd33eb43148c4e13031fbf4169dbb206bb0d8a04f0febda7af2959d4dafa184fec8ff983497293fa50a35d93bb5440a04067a35a5bd30fe48839b6407b3e6ff

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f4a6b5ac088eeb1b46dc19968416444a

      SHA1

      dc1076b3d2107a54ac0597552bf385710b877d8b

      SHA256

      3f2ee9f735923f1da59252520b85670548dfd190372a3944ea2d6b08ba76f57e

      SHA512

      3e0b50a5cb16b82d8bce7b2c7bb40ff39fef1bc4b980aaadbfb15c7fe11abd761ef28faeebfb1b00c71f89397b4c507e628ef887a3384e755509b332df448b80

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      08028eade08bfb263672ffd037945071

      SHA1

      f21871e69a3b861f7dea7dc406c15ab4e5bd0459

      SHA256

      96b07f19ed7b934a1c20d0d9e103ae03a4071a6c3415b63a8ff1320635de6f4a

      SHA512

      e20d712b03d3bb8785073d2914076f54d7c98a37385af76fc031ffe60755e901fbf3f8901883669e87efb10bfe6fec90db99b7fcceefc281f72251df540ec53d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6f5e39cfbea596d76ff41aa443588fb3

      SHA1

      41b007ddca0df96820e64d6253c63703b668cfe1

      SHA256

      93a98718e30ab15cd93a8b86098cc98b767e378f62ae46871d4766efc9b0b5ef

      SHA512

      1becb0c54d98d5ca9e14c74bd19195e9f22b2e0234f6537fb0efb8b5c704abdf98b56825dedcf48b0ab108e2042b324f9f1ae86f1c493c9e035f0e6d29a11cab

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d6c0d5034fa582a56ad0e7e9d05ca27a

      SHA1

      1b9177af13772d70cfa84ac61c5b1eb94b5cbc6d

      SHA256

      dcec7bd86634de6745cd75fca312435e8f31967342b3c95cab31808dca81c681

      SHA512

      e21f078bc70737f710ffcc4dc91531d9d9d71ebb555865d6bf265058055e1e2a1fc481318f3de75911084a32e55c90635d883027ce97957507f00700b7153bee

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9d5965bdfe067aa34baa4e231b0ac31b

      SHA1

      bf2203d2bec34c0e51e1346d6c41a3a8e181150a

      SHA256

      98273c740524b7f2a325b17d190322ef05a295f9c551065346b7bece209cd4e3

      SHA512

      c8442a8a95974765892ab8bd5dd0544b0b7e2f230f49e0e3f86ca92c9a7d9623c8abbcdf39e88d47d7e024f6919deed25398c9a092acfa72564f5eb85c3e1628

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0d3ccfca6fe9307904a0de305d1ab5a3

      SHA1

      128d4faec5b7700204eebfa16abd99f6c81e55da

      SHA256

      fb28d2f295f1a43bb9a95aa9559e17093fd5d36509aa69ba91fb31219d504608

      SHA512

      8825774641267e50a7609e52d839c2e75e5ca2d9f054c92daa2474fe7d7abd3a8e503d4421b77dc4a57352e38401d1f113db5baddb1e088c7b30a12ebdbdc027

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      780349ad72e5d668d4e074137f91fc7e

      SHA1

      bcd975c6793841596d57892fecb12606a8b8774b

      SHA256

      e581eef773dab1cb6ca551d3f9a4bc462fb96748afdf047b7cd39f1a6e8c2af4

      SHA512

      3ec45f87a01db1bc6fc40fa78ae87e29491575f50510daa9a2519d71200d5e0d714f7f48feb91aaeb55c3f9a9187926b8235f4237729f7161c22c0083b4932a6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0f0b01260433fb51d00a4335fb72a3de

      SHA1

      dbff81bc27b4a3549578ac862c9fc4747fbfa4ad

      SHA256

      fe5d1b1dc356f057a538befbc59cb3b39044de9ac1a793cd69824cbfe617b004

      SHA512

      9349b8703f04378069478e19e4a38c982bf8a8ee823ae3dd24c1b183e51eb70b4fa12b538ebdccc7d2a2d6ae22d3d2420decc9fd02339cfc55ec84286ab9f5c2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e2afa07be34ec94aa10017f72c7ae5b7

      SHA1

      c94658143540ed916f88ab41f53ac24c1200dda1

      SHA256

      0c5750c3e04796a69b8275d27cf3f81f01fa803f50820f090766587ec7e71c2c

      SHA512

      43395ea6016ab63b0f6c1cd6bd2d5fda71621c55be3187e7d975970ffbd31378900385d17254f81592f2461c333444f0e1a664d20c5076a25e3989aa75173149

    • C:\Users\Admin\AppData\Local\Temp\Cab169.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Cab246.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar25B.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/312-491-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/312-492-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/312-493-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/312-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1724-486-0x0000000000270000-0x000000000029E000-memory.dmp

      Filesize

      184KB

    • memory/1724-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1724-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB
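The process tree and the dropped-file hashes above describe a chain worth detecting directly: a browser renderer (IEXPLORE.EXE) launches a file named svchost.exe from the user's Temp directory, that file drops and runs DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe in turn spawns a bare iexplore.exe with no URL. The following Python detector is an added example, not part of the original report or of any tooling it describes: it encodes those relationships, together with the SHA256 of the dropped svchost.exe from the Downloads section, and runs them over constructed Sysmon-style process-creation records that mirror the tree (PIDs and image paths are taken from the report; the parent of the first iexplore.exe, the benign services.exe event, and all rule and function names are my own assumptions).

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# SHA256 of \Users\Admin\AppData\Local\Temp\svchost.exe from the report's Downloads section.
DROPPED_SVCHOST_SHA256 = "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320"

BROWSER_NAMES = {"iexplore.exe"}
# Parents from which a browser launch is unremarkable (another browser process or the shell).
EXPECTED_BROWSER_PARENTS = BROWSER_NAMES | {"explorer.exe"}
# The genuine svchost.exe lives only under these directories; any other location is suspect.
LEGIT_SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Secondary payload path observed in this run.
RAMNIT_DESKTOPLAYER = r"c:\program files (x86)\microsoft\desktoplayer.exe"


@dataclass
class ProcEvent:
    """Minimal process-creation record (the fields a Sysmon Event ID 1 would carry)."""
    pid: int
    ppid: int
    image: str
    parent_image: str
    sha256: str = ""


def _base(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def classify(ev: ProcEvent) -> List[str]:
    """Return the names of every rule the event trips, in a fixed order."""
    hits: List[str] = []
    img = ev.image.lower()
    parent = _base(ev.parent_image)

    # Rule 1: svchost.exe running from anywhere but the Windows system directories.
    if _base(img) == "svchost.exe" and _dir(img) not in LEGIT_SVCHOST_DIRS:
        hits.append("svchost_outside_system32")
    # Rule 2: a browser process executing something out of %LOCALAPPDATA%\Temp.
    if parent in BROWSER_NAMES and re.search(r"\\appdata\\local\\temp\\", img):
        hits.append("browser_spawned_temp_exe")
    # Rule 3: the exact DesktopLayer.exe path dropped in this analysis.
    if img == RAMNIT_DESKTOPLAYER:
        hits.append("ramnit_desktoplayer_path")
    # Rule 4: a browser started by something other than a browser or the shell
    # (here, DesktopLayer.exe starting iexplore.exe with no URL argument).
    if _base(img) in BROWSER_NAMES and parent not in EXPECTED_BROWSER_PARENTS:
        hits.append("browser_spawned_by_unexpected_parent")
    # Rule 5: hash match against the dropped loader recorded in the report.
    if ev.sha256.lower() == DROPPED_SVCHOST_SHA256:
        hits.append("known_ramnit_dropper_hash")
    return hits


def scan(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map each offending PID to the rules it tripped; clean events are omitted."""
    findings: Dict[int, List[str]] = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            findings[ev.pid] = hits
    return findings


# Constructed sample events mirroring the report's process tree (not captured telemetry).
SAMPLE_EVENTS = [
    ProcEvent(2400, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r"C:\Windows\explorer.exe"),                                   # assumed shell parent
    ProcEvent(2028, 2400, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ProcEvent(1724, 2028, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
              r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              sha256=DROPPED_SVCHOST_SHA256),
    ProcEvent(312, 1724, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
              r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"),
    ProcEvent(3004, 312, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"),
    ProcEvent(900, 600, r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\services.exe"),                          # benign control event
]

if __name__ == "__main__":
    for pid, rules in scan(SAMPLE_EVENTS).items():
        print(pid, ", ".join(rules))
```

Rules 1, 2 and 4 are behavioural and survive a rebuilt or repacked sample; rule 3 and the hash in rule 5 are tied to this specific run and will go stale as soon as the dropper changes, so in a real deployment keep the two kinds in separate, differently weighted lists.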