Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 04:00

General

  • Target

    85ec03eba068a57e7a3ce7ab301a8e25_JaffaCakes118.html

  • Size

    118KB

  • MD5

    85ec03eba068a57e7a3ce7ab301a8e25

  • SHA1

    dff7bfa5d6d2e4f0058da7fd0604fc9ceb0c9e1a

  • SHA256

    218bc3caebef80f6db6dcfa124bcacfa426c3afa4ee0182c27c68a8cd22c1ee4

  • SHA512

    415c5ab48122a749f401263d3d5138b81d97c4beac7b522858e43a4ab65c76caf869d8ffcb4afac28900f439c0ea839561485e9f8accf7d8b1b77024073b9b38

  • SSDEEP

    1536:SlnK5yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:SCyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose members include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
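
The "UPX packed file" signature above is derived from the PE layout of the dropped executables. The following Python is an added example written for this page (the editor's code, not the sandbox's own detection logic) of the check an analyst can run on a dropped binary: it parses the COFF section table, looks for the UPX0/UPX1 section names that stock UPX leaves behind and, because a modified UPX build usually renames them, also applies the layout heuristic of a first section with no raw data followed by a high-entropy section. The PE images it runs on are constructed inside the block, not the report's files, and the 7.0 bits-per-byte entropy cut-off is an assumption.

```python
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # names left by stock UPX
ENTROPY_THRESHOLD = 7.0                          # assumed cut-off, bits per byte
FILE_ALIGN = 0x200

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the input; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes) -> list:
    """Walk the COFF section table of a PE image without a third-party PE library."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)    # IMAGE_FILE_HEADER.NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)       # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                                       # IMAGE_SECTION_HEADER is 40 bytes
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", image, off + 8)
        sections.append({"name": image[off:off + 8].rstrip(b"\0"), "vsize": vsize,
                         "vaddr": vaddr, "rsize": rsize, "rptr": rptr})
    return sections

def upx_indicators(image: bytes) -> dict:
    secs = pe_sections(image)
    names = [s["name"] for s in secs]
    upx_named = any(n in UPX_SECTION_NAMES for n in names)
    # UPX layout: the first section is the unpack destination and has no data on disk;
    # the packed code lives in the next section and is close to random.
    hollow_first = bool(secs) and secs[0]["rsize"] == 0 and secs[0]["vsize"] > 0
    biggest = max(secs, key=lambda s: s["rsize"], default=None)
    entropy = shannon_entropy(image[biggest["rptr"]:biggest["rptr"] + biggest["rsize"]]) if biggest else 0.0
    return {"section_names": names, "upx_named": upx_named, "hollow_first_section": hollow_first,
            "packed_entropy": round(entropy, 2),
            "likely_upx": upx_named or (hollow_first and entropy > ENTROPY_THRESHOLD)}

def build_sample_pe(sections) -> bytes:
    """Constructed minimal 32-bit PE for the demo: sections is a list of (name, raw_bytes); b"" means no file data."""
    opt_size = 0xE0
    cursor = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // FILE_ALIGN) * FILE_ALIGN
    table, blobs, vaddr = b"", [], 0x1000
    for name, raw in sections:
        rptr = cursor if raw else 0
        if raw:
            blobs.append((cursor, raw))
            cursor += -(-len(raw) // FILE_ALIGN) * FILE_ALIGN
        table += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(raw) or 0x20000, vaddr,
                                                    len(raw), rptr, 0, 0, 0, 0, 0xE0000040)
        vaddr += 0x20000
    image = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))              # e_lfanew = 0x40
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    image += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2) + table            # zeroed PE32 optional header
    for off, raw in blobs:
        image += b"\0" * (off - len(image)) + raw
    return bytes(image)

# Constructed samples (not the report's binaries): stock UPX names, the same layout with renamed
# sections as a modified UPX build leaves it, and an unpacked control image.
HIGH_ENTROPY = bytes(range(256)) * 16            # uniform byte distribution: entropy exactly 8.0
LOW_ENTROPY = b"benign code paths " * 256
STOCK_UPX = build_sample_pe([(b"UPX0", b""), (b"UPX1", HIGH_ENTROPY), (b".rsrc", b"\0" * 64)])
RENAMED_UPX = build_sample_pe([(b".text", b""), (b".data", HIGH_ENTROPY), (b".rsrc", b"\0" * 64)])
UNPACKED = build_sample_pe([(b".text", LOW_ENTROPY), (b".data", b"\0" * 64), (b".rsrc", b"\0" * 64)])

if __name__ == "__main__":
    for label, img in (("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("unpacked", UNPACKED)):
        print(label, upx_indicators(img))
```

Against a real dropped file, read it with `open(path, "rb").read()` and pass the bytes to `upx_indicators`; the section-name check is the cheap confirmation, and the layout-plus-entropy heuristic is what still fires when the packer stub has been edited to rename its sections.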

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85ec03eba068a57e7a3ce7ab301a8e25_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2624
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3016
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:209932 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2208

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      92b10ff607bf690cf82d5759615d17b2

      SHA1

      0e28c8fee8ac9d62941df95fb2c23bf18b142c8c

      SHA256

      f3f37752560f9f70bdd43accb605a40883fe0d100867c40d12be3c165de0a2eb

      SHA512

      030f4c8168b0152c4beccad3e86ab069a6cbd55af255176185434670d82d8b4547c4fbc6eab76dc2eed250e5b08bed8f57d459fddd971369f9c0f069370a10af

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bc028589fb06c1e73f7cc582c59a91f4

      SHA1

      9e203648c4f76520521310f3d151357bb497f850

      SHA256

      a0b4a143fba5c11053fba0f0d3c352c46d013d3c12893aeabba13c5db17d559d

      SHA512

      72f76e774f8015368d5e4163b40d5af19436d72848da99ea6de7ea4b0d21a2daf62385994579b9bbb9a71214b738861eb0f82ad6831c673db06fb8922e632193

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      abac64acb66a694b5b49ea80ac35582d

      SHA1

      76164f9418bc4b39d162135a9e3e5dcd9a1ba175

      SHA256

      42f243d06ca77236eb0075e9ae3e8fbad0e83c7d5bbf2c8e291cefc0773049cb

      SHA512

      8f8c0486e7c117372febf1083f363963104464818e27415641e8670995fe39eff1320c88acc745ef70ac58f34896d5d7cf5c52de02dfd8ecae69911e289066b7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2d75e1a791b2684912ed4213422c3909

      SHA1

      c68dc3a818b75bb1599f9f569d251f9dbdff1586

      SHA256

      0a754ff840304975953eaffb76708ce1b16dab2c8cbe504ef6c818f19818c2e2

      SHA512

      ac698dba7d5c311cde8b561d5a38507eeb7678a76150c30b552126844b76c1d6fe8d4a6a36aee5f6217a5f7a38ba449f684c42dde23e40639e0a2f48b713a18d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b33a550e7f69e374919448b81a420209

      SHA1

      bffce5d8e911089417ed23062215b1aac54df96c

      SHA256

      cba70cd608a86a6e90adc7ae2fc19d8fc08814c386463d50480cf0f77bc44cd4

      SHA512

      4fed38f8a8a67052f47538aa75e85dec0bd3bd5f55d3ebd3a849086dcf7c15ae6b5ef09ff2eba22d835784262d1ec81f87e993b24e591820fde85a07058e0e54

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bd7a0c3dd122bb3781612e6700c34d3d

      SHA1

      a9bec341ff5be02f54f10e187f0627025d39ab0a

      SHA256

      358556760b7af2a7bf44d84ad8282be4c5c57d0531bb40043f8e2e3045b42916

      SHA512

      861f0a0a1bc820375f416e8c7b3cfb3d7f29c827714ce8e86d323ba1101707ad1dd6894e8c971677e046c894d623e0b97fd7fd611f9a62e4693b57d1a3ecce67

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3f4c2070b2c59d5be47204c8c8c9ed1d

      SHA1

      c91d1141e99087d9df3b47e86f1ee7b272ef16ae

      SHA256

      be64d9a8c5557ded56d7d202b5eeff8076d347b3e95b3a4d77118ffed9214d15

      SHA512

      dce3acf34bf91fcee9a320a9fb8ed5b990354650b14052dbeb9e241660ce613590e9970694348590a8a107e0dfcb6377d4a20fa602bee043695be7d7a3aa621f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a379459ab63a014f1616efbf926fe82e

      SHA1

      22270c82c519ae8ae5e0b39c31479b775e068313

      SHA256

      ea0210f6531c0c3b394b72b0cbc9034e54150b18f0e52e1f0ee7ef1664b9adc9

      SHA512

      fc6cec41dc8435847d1bcc4ba3f0b6c0f9314376f104745bbb08fea28706a3ec8e06df4c30f543e18469b4e48210a8738224e406bc6f354feda5f464a874a039

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      def8c31b151efc2fc458fb7c42589166

      SHA1

      bbe11e2ab18bd863f18c0350c084b9d6b7c2b918

      SHA256

      5addaa837f88f14256c8f51810392d9ae0e4c818b1eed12740ef8b4078dba0e6

      SHA512

      14161eee56380dbde4724d38fba5e2a369ff1deded4e84582b3c7a0fe8bde05629c0bf7e31e807197a539dddd95478a1ac268c33a8cd9467a338b0e978805986

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      38ab7112364b218af6ff06129fd331c9

      SHA1

      dd75cfbca8bee2fbd5e33d304e2a2704d91045ba

      SHA256

      299e6e6ec0d0338fe239df8fe0cb933ccf1cb9f1ece567173a5c99544c02b4a8

      SHA512

      861c45740c0194f7b4e86f77071abe30ceff1d46347a5dd4c592001a36f36e8a511d8244bcc72fc755fba3b011b5607741639cc76d05e7c312640801c1fa38ea

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0c751ddf9dfa7a9f33213b431d277f56

      SHA1

      da166d550536851795ad64817df389ae2ca27cef

      SHA256

      407e982ad27cb0ee29e1591a7074e1164243168c3f0c15e53b5e9249b01e6311

      SHA512

      779ac91e10ec6f4269aa6359519393ed05286e758af8debd928544a18f169843df671c9184fa66d5397a34622f049a8873a2948d2e9455e8d253c6c3f064445a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b0104dae40c53a915442e79494deff4b

      SHA1

      8572cdacd5725788013a72404ddaa5a55243947b

      SHA256

      e13ef61a841a7eae4fd89b1127570599cf21fc30a53498ad9f090a0a41650ba8

      SHA512

      37ecc1a77ca8eaf7dfe135cba6d9e6ef68bc50c234c07dc09be88daf805a2da9161a974a860b5e306f012378bb15b5b20fcefe23904022f18e615ae38f220962

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      51d78a70fb94199fd1704b2176bf5a0d

      SHA1

      818a93123c73954544c1d773a6ae2bcec91ef3bd

      SHA256

      cce7e41957c3aad9881ee9ff3f2094d589e7fc2084aa3aac89786e1eae0e0e51

      SHA512

      b70c44ed30ed7740f30a59ad6c1f3c2434b30bcd1ddc8cf104d4a773e5b8e4a65fb4506020f0eced431f63511a24b4f08a5f74d91cfde85eb018a51a7e223da2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      76b77b68c98a31ea7761587a65724a65

      SHA1

      bffdba50089136c2b2ef9d1a8a45c260171887d7

      SHA256

      30b2f97f40ac87937e92bc5d16771ef09a1a5ca15e6dbe9e5cf636f3a77e1afd

      SHA512

      6045a22ac00859c462e176386b2b13da6765f348767294483540913676846d53170185dbccad1c936669917f8c92443f91b218cc7f824a254f6fa01d0aa12bd7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d9647feebf86df5f9ecb831b03f8e1bd

      SHA1

      b9489297a7fe998283f6e6263ce99a9e0c28b8f8

      SHA256

      2d914813f22c7edc4e113b7cc7dfd426bd37907d9b1a87462dc455ed470cff7b

      SHA512

      2390d0baf8944ba615b49706d2f2eab4d95d098ddad58b7d17425e5337975ed350988a672227323a01b90a2c391268b536042c43b47ba4b158af67b412dc26c6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      33bedc4ffc8c8f1e380f497fc0014d2f

      SHA1

      41672f893c8c0c851c214c201f31f07b3d5891d3

      SHA256

      2bccce5691d2e165fd0175b8f3b9e4043ecd921e84116f4a45bcac42518ca08f

      SHA512

      e47ee911166e565102c368ec962c367707367464b8c987d330a092065141d9132b444bf822c208d4649bb94c78c2968f6fe543711ffbfa7260c7bb8436f9b32a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e0f8778759a6b988a6e71247c93afcd9

      SHA1

      c26c21c9ce648ab465827bcb36d3612188cdfd49

      SHA256

      d43ada845a29e5173bf612f6605045bc3d02273e2ee25e84aa2a0880425424a8

      SHA512

      f559944427e21eaef7f699acdfda93ce85650b83a321e0ecfee373c75557296344407a55b9c15ed1aa39d0261975f96133695d3d65847a762da44bd2694c084c

    • C:\Users\Admin\AppData\Local\Temp\Cab3556.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Cab3632.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar3647.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2624-10-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2624-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2624-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/3016-17-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/3016-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3016-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB
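
Of the entries in the Downloads list above, seventeen are CryptnetUrlCache\MetaData records and three are Cab*.tmp/Tar*.tmp files in Temp; both kinds are written by CryptoAPI when Internet Explorer fetches certificates and revocation data, so they are noise from the browser rather than attacker artifacts (the editor's reading, based on what those locations normally hold, not a statement from the report). The memory/... entries are region dumps that carry only a size. That leaves one file worth hunting on: the 55KB svchost.exe dropped into Temp. The following Python is an added example for this page (the editor's code, not the sandbox's) that parses the report's flattened listing, applies that triage, produces the hunting hash set, and checks a local file against an entry's digests. Because the sample itself is not on the page, the verification is demonstrated on an empty placeholder input, which is expected to mismatch; the classification labels and path patterns are the editor's assumptions.

```python
import hashlib
import ntpath
import re

# Excerpt transcribed verbatim from the Downloads list above, one entry of each kind.
REPORT_EXCERPT = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize
  342B
  MD5
  92b10ff607bf690cf82d5759615d17b2
  SHA1
  0e28c8fee8ac9d62941df95fb2c23bf18b142c8c
  SHA256
  f3f37752560f9f70bdd43accb605a40883fe0d100867c40d12be3c165de0a2eb
  SHA512
  030f4c8168b0152c4beccad3e86ab069a6cbd55af255176185434670d82d8b4547c4fbc6eab76dc2eed250e5b08bed8f57d459fddd971369f9c0f069370a10af
• C:\Users\Admin\AppData\Local\Temp\Cab3556.tmp
  Filesize
  65KB
  MD5
  ac05d27423a85adc1622c714f2cb6184
  SHA1
  b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256
  c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512
  6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
• \Users\Admin\AppData\Local\Temp\svchost.exe
  Filesize
  55KB
  MD5
  ff5e1f27193ce51eec318714ef038bef
  SHA1
  b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
  SHA256
  fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
  SHA512
  c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
• memory/2624-10-0x0000000000400000-0x000000000042E000-memory.dmp
  Filesize
  184KB
"""

FIELDS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

def parse_size(text: str) -> int:
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text)
    if not m:
        raise ValueError("unrecognised size: " + text)
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_downloads(text: str) -> list:
    """Turn the report's flattened 'path / label / value' listing into one dict per artifact."""
    entries, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("• "):
            current = {"path": line[2:]}
            entries.append(current)
            pending = None
        elif line in FIELDS:
            pending = FIELDS[line]
        elif current is not None and pending:
            current[pending] = parse_size(line) if pending == "size" else line.lower()
            pending = None
    return entries

def classify(entry: dict) -> str:
    """Editor's triage labels; the two 'cryptoapi-*' classes are assumed benign side effects of IE
    fetching certificates and CRLs, which is what CryptnetUrlCache and Cab/Tar*.tmp normally hold."""
    p = entry["path"].lower()
    name = ntpath.basename(p)
    if p.startswith("memory/"):
        return "memory-region"
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-url-cache"
    if re.fullmatch(r"(cab|tar)[0-9a-f]{4}\.tmp", name) and "\\temp\\" in p:
        return "cryptoapi-cab-extract"
    if name.endswith((".exe", ".dll")) and ("\\temp\\" in p or "\\appdata\\" in p):
        return "dropped-payload"
    return "unclassified"

def hunting_hashes(entries: list) -> dict:
    """sha256 -> path for payloads only; hunting on the cache noise would only produce false positives."""
    return {e["sha256"]: e["path"] for e in entries if classify(e) == "dropped-payload" and "sha256" in e}

def digests(data: bytes) -> dict:
    return {alg: getattr(hashlib, alg)(data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}

def verify(data: bytes, entry: dict) -> dict:
    """Per-algorithm match of a local file against one report entry; any mismatch means a different file."""
    local = digests(data)
    return {alg: local[alg] == entry[alg] for alg in local if alg in entry}
```

To use it on the full page, paste the whole Downloads list into `REPORT_EXCERPT`; `hunting_hashes` then yields only the svchost.exe SHA-256, and `verify(open(path, "rb").read(), entry)` tells you whether a file recovered from a host is byte-for-byte the dropper the sandbox saw.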