Analysis

  • max time kernel
    136s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64  arch:x86  image:win7-20240508-en  locale:en-us  os:windows7-x64  system
  • submitted
    31-05-2024 03:23

General

  • Target

    85d903398d6034bc8feaab55ad02031d_JaffaCakes118.html

  • Size

    193KB

  • MD5

    85d903398d6034bc8feaab55ad02031d

  • SHA1

    e02e3481f65787854bb22b4e47a49f4bf5376488

  • SHA256

    729c576a6acde71c8e1a65aface6681413bebd7354151e70e06a670e175e56a8

  • SHA512

    9b258a2ddee013c7fe8e09811d9077e6f590fbcf7ec5e32a0e4c7dfdfd018a24a52f20d7bd77511bd8641f40ef4e81eda37fc76c73201b1f779ff38d9551a083

  • SSDEEP

    3072:SzgZkyfkMY+BES09JXAnyrZalI+Ye47uM9f7UL:SkZpsMYod+X3oI+Ye4pf7UL

Malware Config

Signatures

  • Ramnit

    Ramnit is a long-lived family that combines file-infector (virus), worm and banking-trojan components. Its file-infector variants attach themselves to .exe, .dll and .html files; an infected HTML file carries a script that writes an embedded executable into the user's Temp directory and runs it. That matches this run: an .html opened in Internet Explorer that drops and executes C:\Users\Admin\AppData\Local\Temp\svchost.exe.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX or a modified UPX build (the open-source packer, commonly rebuilt with the UPX0/UPX1 section names changed to defeat exactly this kind of check). Packing is not malicious on its own; it matters here because the packed file is the dropped svchost.exe. The 216KB region at 0x400000 in PID 1644 versus 84KB on disk is the gap a packer leaves (the unpacked code lands in a section that has no data in the file), so that region, dumped after the stub has run, is where an unpacked copy comes from.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

    Read these against the process tree below. The Internet Explorer frame and tab processes (PIDs 1944 and 2804) account for the settings changes and for the FindShellTrayWindow/SetWindowsHookEx/WriteProcessMemory hits, which IE's own multi-process plumbing produces on benign HTML runs as well; the tab process is also the one credited with Loads dropped DLL for the dropped file. The behaviours attributed to the dropped svchost.exe (PID 1644: EnumeratesProcesses, MapViewOfSection, AdjustPrivilegeToken, WriteProcessMemory and the Program Files write) are the ones that describe the payload.
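The "UPX packed file" signature above keys on what UPX leaves in a PE. The following is an added example, not the sandbox's rule and not code from this report: a stand-alone check that parses just the DOS header, COFF header and section table with the standard library, flags the stock UPX0/UPX1 names, and for a "modified UPX" build that has renamed them falls back to the layout UPX cannot hide (an all-virtual first section followed by a high-entropy section). The function names, the 7.0 entropy threshold and the three synthetic PE images built by build_sample_pe are assumptions of this example; none of them is the dropped svchost.exe.

```python
"""Heuristic UPX check for a PE file: section names plus entropy.

Added example; not part of the sandbox report and not its own rule. Only
the PE pieces the check needs (DOS header, COFF header, section table) are
parsed, using the standard library, so it runs offline on any .exe/.dll
bytes. The sample images at the bottom are constructed in code to exercise
the check; none of them is a real sample.
"""
import hashlib
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Return [(name, raw_offset, raw_size, virtual_size)] from the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16; 20 bytes total.
    num_sections, opt_size = struct.unpack_from("<2xH12xH2x", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rptr, rsize, vsize))
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Stock UPX names, plus the layout a renamed build still has: an
    all-virtual first section (raw size 0, large virtual size) that the stub
    unpacks into, followed by a high-entropy section holding the packed image."""
    sections = parse_sections(pe)
    names = [s[0] for s in sections]
    upx_named = any(n.upper().startswith("UPX") for n in names)
    empty_first = bool(sections) and sections[0][2] == 0 and sections[0][3] > 0
    high_entropy = False
    if len(sections) > 1:
        _, rptr, rsize, _ = sections[1]
        high_entropy = shannon_entropy(pe[rptr:rptr + rsize]) > 7.0   # assumed threshold
    return {
        "sections": names,
        "upx_named_sections": upx_named,
        "empty_first_section": empty_first,
        "high_entropy_second_section": high_entropy,
        "likely_upx": upx_named or (empty_first and high_entropy),
    }


# --- constructed fixtures: synthetic PE images, not real samples ----------------

def build_sample_pe(layout) -> bytes:
    """Minimal PE32 image. layout = [(name, raw_bytes or None)]; None means an
    all-virtual section with no data in the file, which is what UPX0 is."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * len(layout)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF          # first raw section, 512-byte aligned
    table, body, vaddr = b"", b"", 0x1000
    for name, data in layout:
        if data is None:
            vsize, rsize, rptr, flags = 0x30000, 0, 0, 0xE0000080
        else:
            vsize, rsize, rptr, flags = len(data), len(data), raw_ptr + len(body), 0x40000040
            body += data
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                             vsize, vaddr, rsize, rptr, 0, 0, 0, 0, flags)
        vaddr += (vsize + 0xFFF) & ~0xFFF
    headers = dos + b"PE\0\0" + coff + optional + table
    return headers.ljust(raw_ptr, b"\0") + body


def pseudo_random_blob(size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for a compressed image."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(size // 32 + 1))
    return out[:size]


SAMPLES = {
    "stock_upx": build_sample_pe([(b"UPX0", None), (b"UPX1", pseudo_random_blob()), (b".rsrc", b"\0" * 512)]),
    "renamed_upx": build_sample_pe([(b".text", None), (b".data", pseudo_random_blob()), (b".rsrc", b"\0" * 512)]),
    "plain": build_sample_pe([(b".text", b"\x90" * 4096), (b".data", b"\0" * 512), (b".rsrc", b"\0" * 512)]),
}


def classify_samples() -> dict:
    """Label -> likely_upx for the three constructed images."""
    return {label: upx_indicators(image)["likely_upx"] for label, image in SAMPLES.items()}


if __name__ == "__main__":
    for label, image in SAMPLES.items():
        print(label, upx_indicators(image))
```

Run it against a real dropped file with `upx_indicators(open(path, "rb").read())`; a hit on the layout rule alone says "packed with something UPX-shaped", which is enough to decide to dump the process image rather than waste time on the on-disk bytes.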

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:380
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:472
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:596
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:1032
                • C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Windows\system32\wbem\wmiprvse.exe -Embedding
                  4⤵
                    PID:2300
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k RPCSS
                  3⤵
                    PID:676
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                    3⤵
                      PID:740
                    • C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                      3⤵
                        PID:808
                        • C:\Windows\system32\Dwm.exe
                          "C:\Windows\system32\Dwm.exe"
                          4⤵
                            PID:1148
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k netsvcs
                          3⤵
                            PID:844
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalService
                            3⤵
                              PID:968
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k NetworkService
                              3⤵
                                PID:236
                              • C:\Windows\System32\spoolsv.exe
                                C:\Windows\System32\spoolsv.exe
                                3⤵
                                  PID:1012
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                  3⤵
                                    PID:1040
                                  • C:\Windows\system32\taskhost.exe
                                    "taskhost.exe"
                                    3⤵
                                      PID:1100
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                      3⤵
                                        PID:2088
                                      • C:\Windows\system32\sppsvc.exe
                                        C:\Windows\system32\sppsvc.exe
                                        3⤵
                                          PID:1276
                                      • C:\Windows\system32\lsass.exe
                                        C:\Windows\system32\lsass.exe
                                        2⤵
                                          PID:488
                                        • C:\Windows\system32\lsm.exe
                                          C:\Windows\system32\lsm.exe
                                          2⤵
                                            PID:496
                                        • C:\Windows\system32\csrss.exe
                                          %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                          1⤵
                                            PID:388
                                          • C:\Windows\system32\winlogon.exe
                                            winlogon.exe
                                            1⤵
                                              PID:428
                                            • C:\Windows\Explorer.EXE
                                              C:\Windows\Explorer.EXE
                                              1⤵
                                                PID:1180
                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85d903398d6034bc8feaab55ad02031d_JaffaCakes118.html
                                                  2⤵
                                                  • Modifies Internet Explorer settings
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SetWindowsHookEx
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:1944
                                                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
                                                    3⤵
                                                    • Loads dropped DLL
                                                    • Modifies Internet Explorer settings
                                                    • Suspicious use of SetWindowsHookEx
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:2804
                                                    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                                                      4⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: MapViewOfSection
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of WriteProcessMemory
                                                      PID:1644

Network

MITRE ATT&CK Enterprise v15

Downloads

  Files written during the run, with hashes. Most of this list is not the sample's output: the CryptnetUrlCache entries (the same MetaData path rewritten repeatedly) and the Cab2676.tmp/Tar270A.tmp files in the user's Temp directory come from Windows' certificate-revocation and trust-list fetching during the Internet Explorer session and appear on benign HTML runs as well. The sample's own drop is \Users\Admin\AppData\Local\Temp\svchost.exe (84KB, UPX packed). The memory/1644-* entries are region dumps from that process rather than files on disk; 0x400000-0x436000 is its loaded image and is the region to take for an unpacked copy.

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                70KB

                                                MD5

                                                49aebf8cbd62d92ac215b2923fb1b9f5

                                                SHA1

                                                1723be06719828dda65ad804298d0431f6aff976

                                                SHA256

                                                b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                SHA512

                                                bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                798710d576a374579c69df2035f7a6e4

                                                SHA1

                                                9c562c4b5d3e6a59d53a2ee0324a745da37c7b32

                                                SHA256

                                                f357ff44f0896f8f1785b4b99a6a87a40478a2588b101b6c8ee12ad978f3797b

                                                SHA512

                                                2e27acd8574dc92abb19325afaf9fabbab986c257abb5aa778314412285b45c744160f80240bfbb96dee8e121df6e67bd7d693521bb17d41b18ea5ea6bfec320

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                c1515619ed5e2ac63f53e163481a7975

                                                SHA1

                                                c30634948eda9427e754ad6f96893f895f12d590

                                                SHA256

                                                aad7b342dc13a0fe969023c8334b29bf092a496f99997dd093c4c2988315b369

                                                SHA512

                                                2b729663dfd19254ddc54dd6ace488803dae75a4e05f0af48f3f7904fa41d22cbc335e90a5dc49bff2c1ead46b1b23b89bdafd8a6f0e703af4506df60d5d7238

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                ae75d88abbf86c56c00fbd4448b20228

                                                SHA1

                                                27624a42e1be938e1db604354225b905886847d7

                                                SHA256

                                                2054d9638f726c8725c369b82d6dca7593f95091ef9bbb24ad081390e5ecd1b5

                                                SHA512

                                                24ef17b97866c02d10416445420df542d99122f54e22823227bc075af9ac482c2f0202d56062f20743a00e86cd833c812e513f1f08aeb5149cda33892f7c3e66

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                b4539d130bb0119649a3412edaabd7e5

                                                SHA1

                                                4b8ff593e49ed32d6db4ad1882aa8bca8ac90f59

                                                SHA256

                                                4ca29ea77e5be706aa1e4be6bb43b4ad025280ee56c514248b34ee1bba89191e

                                                SHA512

                                                dc5ec812b9122c6e06178cc986bc9a4799e45b41312aeba6d63411d9f370be3db5e242efc49e21e634f1f9885ae0fa1fb80cf007cd1cce7b9a20113aa03bde2d

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                4f77e89115c685561ab5fa71b80068bd

                                                SHA1

                                                c56333a33fa16e539b50f67dd887a87a57b9e077

                                                SHA256

                                                9461a1a2ae9915de5ed945d03fa3e2f806e1629e7e4bf9dad2459d7052248868

                                                SHA512

                                                364a92aac849576a68f4cb469716afa62ea529b019d5f20f1c1bb5c4ac8308dd287a361a65f8e9b48c1804964e7f6f0de9c73121840ad78157d599067578274f

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                1fe860f11e8e0f3e084099058b705db7

                                                SHA1

                                                d13e112c5f3618b40cc4b564ce8457fff6ec60c5

                                                SHA256

                                                2366ae1607e6c2bbb48998343736d499160b2b345dce05c6c011ddd8f5fe0cdc

                                                SHA512

                                                bd129384cabf126d231d165af0d2cfbd514a47160e7a1b1e1f90f77c7a46dc0636a1bac157d5d6e50f7dffc53e7c2fe47f49e5f40ea598b66924a53b5d526d01

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                696584fe1e28fe28dac3234fb7dc399a

                                                SHA1

                                                6e541a8d1a1e87ebba772f65f372aca775757ada

                                                SHA256

                                                2cd3c9cc16ba8036dbca26eef01fd897d65fe4fcda17757c02b90f7259f1794e

                                                SHA512

                                                929d332e46d65f0af26a4cb0fedaaa4a916ef18699b1b0de8d315ed2ebcd7fe86055c641721449618f0bb224c4cd1a6a90e508d0a85f4c1f18a83609e9034b90

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                d23b12a9442417bf45d51eb9c0ce1a6f

                                                SHA1

                                                5333fafbaa4837a0d825df5537bd81d0b7379999

                                                SHA256

                                                f97a4e459a56891788273dd6202b98d4bc5ac86449378ff52f788a579ac9086f

                                                SHA512

                                                e8ae19678b51af52507d68773a7d38cbd24d46a48f79445a7e8a538d3f43c9de4fd57fe98b2fff96d8a3d8e238426b9ca8cd530f07dc0eb7a266081e43ea5df3

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                d4038077d70190817e0fd3438e1c791c

                                                SHA1

                                                4544e84e0fbd46c95486d481e274b701923be880

                                                SHA256

                                                a7e0b7836c288ee425fe0fbde7d8125babd5b64bf8b5d34238205b469a176d23

                                                SHA512

                                                f78c5797eb60255ae360e8b6584870a98ae10bd9c2f1d62e5403f616831fa9515196bfbd90b68dd71c917a4fab9611ff2c25ef3c9953b7f01061d3702eba4104

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                fdc03c93d22229c8cf9f0a78a80b6313

                                                SHA1

                                                a801ecaba69a4e9c8976696e5dfcfc673e419f46

                                                SHA256

                                                a44354f746b4330a8b3c1b7bd218c122593d68aa2847c28612ac96ccd5c13f7f

                                                SHA512

                                                b08cbd2a355386b7cf1b5c9c40a6dec9c6456ff383ff6bef2336c3751159c8bf0ba5f05e123683deaf5ef5d28053d453a7e49c24fb6c6fa3a29b2bf03ebedba3

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                76ef112882da193d9f847f85206226c4

                                                SHA1

                                                f4d0c724dbd9b15c8ffa117d2c52464ede6b00a7

                                                SHA256

                                                452181bcf58b44fd413f3147e981754655664b9539c101a3a736583687947624

                                                SHA512

                                                1b456185b15c7d57b185c3db097c559116fbd86181a89cc761d0b1fb91994b0578590714d55cf5fd2a71507bd8719476de8bba1158a5f9c60761d947ee1260e5

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                b7ae09e88befb038e02b48cc63186a5f

                                                SHA1

                                                077c388692db124f9c83122b8a42f26e358c65aa

                                                SHA256

                                                04494a023d6dc99e33d881168879ce443bc5a5d9b3ade3282578f46aad2fa994

                                                SHA512

                                                f4e3e632b975c420104f9b01b5ff3c4e3bf5a05b7aa29ede520b3e7a96e724b11d1b7f8ea9d8e50073d98a8d7d9115f4883ed0e5810645e041158c034fe7d51a

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                072b9079217d1d3fe03bfc0f72679dd9

                                                SHA1

                                                0c984dbf80171adad35c38aecb6e20bd680a60e9

                                                SHA256

                                                47950ed9004fcb14470c3af87d3d53f49d7076cb71934d768452604f09c26e4b

                                                SHA512

                                                e1461676fb76638b87e92ac9936fa3290ccce15dc4044fc33cae8c814af6cff7a1bccf85fd1545356259a607d0b07fb890c0c31e145804070252f4aa7ffabe67

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                184cd8050b31fcec5f50a43a3733c218

                                                SHA1

                                                dc7c9738557b83d34edc374aa999608dc1775022

                                                SHA256

                                                d3602a3f12ef089d90350dc070bc1ba143195fca6a252e7c7f97170c288032d8

                                                SHA512

                                                a3688c3ce53f8863e5317d57d32584de1167d272cf7e490982d9e94d2ec0afde9e1202e3649d38d4060145a20661bffa03e55350001e942ad932d32682bdfe69

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                3bef957ddb614ce21827cceb346aa19e

                                                SHA1

                                                b0290bfd33b65037d4e1d5bbcce4b0588bdac576

                                                SHA256

                                                dc4a549ed7fe648d3e231fb3ad8b1cd6758310d2c9b2e448dc30943c2ca86e57

                                                SHA512

                                                b0a76ceb1504d343ebd2cda0785753ab2ae3b9f8ce36fe59b48c7091388a366aa5a2ea1ca3ce744571c9d05d9d16cd5cde84cfadbd5583e9ce3dee6a39d71441

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                303a237b1a6e8bc179f3b837eb9ac8c1

                                                SHA1

                                                d4fe0ffb832d81237fb92f5136824bcb071cb85c

                                                SHA256

                                                9314ffc5475bc0494894339bb25704d0bda218036aa1edfd51a92562cf1c5e74

                                                SHA512

                                                5c1b371f06e98e7132cb52d8d47ba45854d4c67a0a82ed391227d33ff76c510ddbbdecfb180e28b8caee08313d93b5199cdfe36264767a42d45c8e7c1962c225

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                73833b100e792b4d190481372e992211

                                                SHA1

                                                05693633a814162412db2b98b7b331b3a4c7a0eb

                                                SHA256

                                                22d59a7b32bafcb9d8813156b6bfbd0193f7c66e058596030948c579509f0732

                                                SHA512

                                                38fe356bb5c99d6121a1dab0b270e371d3848cc990077c33a3d5dc6419fd36eafe049350acc84dba87b422fbc890b8f3d132e4f7ef9945a29188d6b67fbf505c

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                4eea139bc986d9540e53be0bdafb9120

                                                SHA1

                                                62023f01c2509ac36d1d9bc9c90aed1195d16347

                                                SHA256

                                                b4a188323c2dc9eaee66a4895cffe9bdc3c9d1d6b39d876df0efefd7b6f24233

                                                SHA512

                                                6104e2c343419f912bc508f7d5f5710f3021dc5701b99c7e9158e1e7765e4347cb9935c89c5235f55db2a2009197c107c84854a8a37da97a3d5bb48b2ca2df14

                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                Filesize

                                                342B

                                                MD5

                                                145f76193e8e9781bedece8f5f3e4697

                                                SHA1

                                                d356d732b7bda062e7181b60c341941c6c9e7b1f

                                                SHA256

                                                06396655907a2254fb21af9dcfde22b087647a11bd3d6a24f68d2a6e612a4de1

                                                SHA512

                                                cd7b264c18c580173be2480b15e3411472f16e8a71ed2db1395e6859df0e81e25dae663faf5bf6d32ce27752b8a1b54695df663a6a91fdb1cba74cbc00a93b99

                                              • C:\Users\Admin\AppData\Local\Temp\Cab2676.tmp

                                                Filesize

                                                68KB

                                                MD5

                                                29f65ba8e88c063813cc50a4ea544e93

                                                SHA1

                                                05a7040d5c127e68c25d81cc51271ffb8bef3568

                                                SHA256

                                                1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                                                SHA512

                                                e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                                              • C:\Users\Admin\AppData\Local\Temp\Tar270A.tmp

                                                Filesize

                                                181KB

                                                MD5

                                                4ea6026cf93ec6338144661bf1202cd1

                                                SHA1

                                                a1dec9044f750ad887935a01430bf49322fbdcb7

                                                SHA256

                                                8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                SHA512

                                                6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                              • \Users\Admin\AppData\Local\Temp\svchost.exe

                                                Filesize

                                                84KB

                                                MD5

                                                cc9104bc71a23e14787188f3634a4d05

                                                SHA1

                                                0b537406933abc1738ef32b96069961d024f1b8e

                                                SHA256

                                                aa797033a44b0ab42e6428552b5e85bc735c84082493f63b4b3ad0843859b28c

                                                SHA512

                                                023b9655cef044082ceb44c6644d834e4ba9af088843674cc8e816cb4f4981bf0958b0c82002c1597c8818e57af0f80d4cf3ab771e68af5a33cff752363c7df3

                                              • memory/1644-486-0x0000000000400000-0x0000000000436000-memory.dmp

                                                Filesize

                                                216KB

                                              • memory/1644-485-0x0000000000240000-0x000000000024F000-memory.dmp

                                                Filesize

                                                60KB

                                              • memory/1644-480-0x0000000000400000-0x0000000000436000-memory.dmp

                                                Filesize

                                                216KB

                                              • memory/1644-483-0x0000000077ADF000-0x0000000077AE0000-memory.dmp

                                                Filesize

                                                4KB

                                              • memory/1644-484-0x0000000077AE0000-0x0000000077AE1000-memory.dmp

                                                Filesize

                                                4KB
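The list above is long but only one line of it is an indicator worth blocking. As an added example (not tooling from the sandbox), the script below parses the report's Filesize/MD5/SHA1/SHA256/SHA512 layout into records and attaches a path-based verdict that encodes the triage caveat: CryptnetUrlCache and Cab*/Tar*.tmp entries are Windows' own crypto-cache residue, memory/ entries are dumps, and a system-binary name outside the Windows directory is the drop. REPORT_EXCERPT is a trimmed copy of four entries from this page (hashes copied from above, blank lines collapsed, SHA1/SHA512 omitted for brevity); the verdict strings and SYSTEM_BINARIES list are this example's assumptions.

```python
"""Turn the report's Downloads list into a triaged IOC set.

Added example, not tooling from the sandbox. REPORT_EXCERPT is a trimmed
copy of entries from this page; the parser itself handles the full
key/value layout (any of Filesize/MD5/SHA1/SHA256/SHA512, blank lines or not).
"""
import ntpath
import re

REPORT_EXCERPT = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
  Filesize
  70KB
  MD5
  49aebf8cbd62d92ac215b2923fb1b9f5

• C:\Users\Admin\AppData\Local\Temp\Cab2676.tmp
  Filesize
  68KB
  MD5
  29f65ba8e88c063813cc50a4ea544e93

• \Users\Admin\AppData\Local\Temp\svchost.exe
  Filesize
  84KB
  MD5
  cc9104bc71a23e14787188f3634a4d05
  SHA256
  aa797033a44b0ab42e6428552b5e85bc735c84082493f63b4b3ad0843859b28c

• memory/1644-486-0x0000000000400000-0x0000000000436000-memory.dmp
  Filesize
  216KB
"""

KEYS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "explorer.exe"}  # assumed
WINDOWS_DIRS = ("c:\\windows\\", "\\windows\\")


def parse_downloads(text: str) -> list:
    """One dict per '•' bullet; each known key takes the next non-empty line as its value."""
    entries, current, pending_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            entries.append(current)
            pending_key = None
        elif line in KEYS:
            pending_key = line
        elif current is not None and pending_key:
            current[pending_key.lower()] = line
            pending_key = None
    return entries


def verdict(path: str) -> str:
    """Path-based triage: what produced the file, and whether it is the sample's own."""
    p = path.replace("/", "\\").lower()
    name = ntpath.basename(p)
    if path.startswith("memory/"):
        return "memory dump of a process region (not a file on disk); source for an unpacked image"
    if "\\cryptneturlcache\\" in p:
        return "Windows CryptoAPI URL cache (CRL/CTL fetch during the IE session); expected on benign runs"
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]{4}\.tmp$", p):
        return "CAB download/extraction residue from the same CryptoAPI fetch; expected on benign runs"
    if name in SYSTEM_BINARIES and not p.startswith(WINDOWS_DIRS):
        return "DROPPED PAYLOAD: system-binary name outside the Windows directory"
    return "review: file written by the sample"


def triage(text: str) -> list:
    rows = parse_downloads(text)
    for row in rows:
        row["verdict"] = verdict(row["path"])
    return rows


def blocklist_hashes(text: str) -> list:
    """SHA256 (MD5 as fallback) of the entries judged to be the sample's own drops."""
    return [r.get("sha256") or r.get("md5") for r in triage(text) if r["verdict"].startswith("DROPPED")]


if __name__ == "__main__":
    for row in triage(REPORT_EXCERPT):
        print(f"{row['path']}\n    {row.get('filesize', '?')}  {row['verdict']}")
    print("block:", blocklist_hashes(REPORT_EXCERPT))
```

Paste the full Downloads section in place of the excerpt and the same code yields one SHA256 to block and a short list of "review" entries; everything the verdicts mark as expected can be dropped from the IOC set without losing coverage.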