Analysis

  • max time kernel
    136s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    31-05-2024 04:21

General

  • Target

    85f448edd2b705595214a0b4e76cfc08_JaffaCakes118.html

  • Size

    184KB

  • MD5

    85f448edd2b705595214a0b4e76cfc08

  • SHA1

    58f6d921b7cd57d2e678f0b1879d4fb20f5c5795

  • SHA256

    4311ad9fc8ebb5dde6f691810f21c164c6526641449912476c8f37893aed0705

  • SHA512

    3c5b635f9b7dd0781e6a38ab57a7aafe37e38757cf10eab7f1623aef64f2fff7c5bbc8d84e7277a0c49caf257d654df6b73be41ca955bf670a43f91d030ff509

  • SSDEEP

    3072:RyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:UsMYod+X3oI+YS1tA8

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (1 IoCs)
  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 36 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoCs)
  • Suspicious behavior: MapViewOfSection (23 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
    PID:376
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
        PID:472
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
            PID:604
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                PID:2384
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k RPCSS
            3⤵
            PID:680
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            3⤵
            PID:744
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            3⤵
            PID:816
              • C:\Windows\system32\Dwm.exe
                "C:\Windows\system32\Dwm.exe"
                4⤵
                PID:1192
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs
            3⤵
            PID:864
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalService
            3⤵
            PID:1004
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            3⤵
            PID:332
          • C:\Windows\System32\spoolsv.exe
            C:\Windows\System32\spoolsv.exe
            3⤵
            PID:1036
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            3⤵
            PID:1096
          • C:\Windows\system32\taskhost.exe
            "taskhost.exe"
            3⤵
            PID:1132
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            3⤵
            PID:2804
          • C:\Windows\system32\sppsvc.exe
            C:\Windows\system32\sppsvc.exe
            3⤵
            PID:2884
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        2⤵
        PID:480
      • C:\Windows\system32\lsm.exe
        C:\Windows\system32\lsm.exe
        2⤵
        PID:488
  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
    PID:388
  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
    PID:424
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:1268
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85f448edd2b705595214a0b4e76cfc08_JaffaCakes118.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:856
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
            3⤵
            • Loads dropped DLL
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2352
              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                4⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: MapViewOfSection
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2624

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
      70KB
    MD5
      49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1
      1723be06719828dda65ad804298d0431f6aff976
    SHA256
      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512
      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      a11d35a2e6fb985ecace9c2f70343568
    SHA1
      e21bd1c3040d802648db7f4e68e9af2d4c3b8933
    SHA256
      cfb38f8a97e288ccdfdc318aedea2111641a5ff4af8765371ff18a0a1e97359e
    SHA512
      961834eb2c80956d503e9cfa026bc0708ae2037e06d7a7a72fbeb29ea84a938c5f2ff41ac888d06b9cff4a85fe9441cbd2270f67fc7e43490a45b6d6dfa474a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      5d4f9598d509d86e5079abcc215d358d
    SHA1
      d82447f817226117512860f7a8cea0d9fb8b5cb0
    SHA256
      5ed2cce14033f6c13cb6261959d20ac7d9ac4131eda721275199034e7a34b461
    SHA512
      683ce52a79fc6cd4dca8465e160286dc0280fad72767c01f6f7cd405585015a5bb99f4816fdb3d800d5d04a461df4bdeb73c0fc6d0561638b09f89f8e4bda1c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      e0f57b2affdca8f1c950db1cb9103ac6
    SHA1
      de02b02ef66a8e64446b5ef1fac43637002302bb
    SHA256
      b8f953b0c84f389efbb9122abc400244cd951d0c01d9211dae67db44788b28ec
    SHA512
      a8ae8c09c81dbf1b5cfb66c4c146a057b6144327e2e682bbc2a4498abd4f2ac080b4136c1b6c8d7099e9f8a036ea62f741707ef9b4c03916594efa5a7c6b4e77

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      4f97a2566c61cd4c56ccb09baec72b2d
    SHA1
      22401562579dbde1555a6ff6fc780757b575379d
    SHA256
      8bae74dc5043f7baf4d7fa24e778243719e370334d88c3375c8296b87f922109
    SHA512
      85c5c0ff45b0411cdc6230128ba5fab577a30c227fb7677878ceed690d82be89744c7eb3d1fa77260add3e09b62db7063922ddb7e5099fa7f6ff8fdb6d1e0f5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      b04b00b2742acd6809dbeb1c7012984a
    SHA1
      d9268de4e0460ec8ddc9a21e17bb04889d2c9b11
    SHA256
      0a54ef5c8e01f7f5dd1e2bd6dc1e889455907ae80082aba2ede16ed0bb390a1e
    SHA512
      b8473b8df94fe663bfaf23eb08a66a27394a55e395b75be646ff5d09fb1d1eeb2589acd809da4658a14209ea35f99d47c33516d47b744bb58ebd5199697bea1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      2097aa47c8a14feab6fe4333aef84668
    SHA1
      b1b6dce0982a0eebfb3701b2771ae0821da76db5
    SHA256
      f726fe787bc5314f05f6066876369de59d11ea4c81633862d99c6e9f64a9527e
    SHA512
      45d992116b6ebdbc79f17ec9b7e881c4a4e894b93cadb93907fa26c6f8be2fcf95b631f2f34b1575e70b191c6bd3635f31ca9863aa58a791a5cef0d9415db276

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      3987e3b7818dcb6acd48f6fd363320ca
    SHA1
      4a18ab68609af6c87e8c91a66251bafa28919dd1
    SHA256
      a2f57266795756b1acc903ddfcdd3153e92ee4a34eb8b0e6f644d9d9b32ebc79
    SHA512
      e1e929bc3e44eb149f6a35f5fe3f2267616a95f8ebe9432fa309cba074f20a37dfdbd0c3b4ba8e4a70a7eef45a5a0b4cecd88a91da67e76f8ee1b58c46f4e782

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      2599460ad62c48c830f80e10f1b77c2e
    SHA1
      bb8478d7ac4f62423e789603adb56f6dafd79b7a
    SHA256
      1cd59e38d8bc31e95d28b6c8b11ad93555edc2ae18fe7929b8a5d8d33124e2a3
    SHA512
      77b842f02588aa223c21da3717f5620563311b519b2cb4ff5628cd50c4ea7ac72bdbb114fa0f5d9620eda6ec47d0da53e6342a564b33f98b0aab6de9161c4b77

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      e2911ca75e093a69a67af1203d1b080b
    SHA1
      abb11699398b40c1aa2c687cc946a21f62d9b863
    SHA256
      909bcd95ee8e0f4b24a8395d96e36c68e13fb9a92b1a3eced4faba76041069cd
    SHA512
      efc5fdd47edf8e17755f5ad3632a359b6065c4e0a43321c118f9c4fa938fd60002c6252c69e776bd70e868dd48514076cabe2caba76288d826b0efdc892042b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      5be7f4ba6b27f2593dd5649bbf053440
    SHA1
      3e5323e8fe141a49d146f1782ac6cdfc788b6030
    SHA256
      839cbd17184dafebf8d110714a5fd37add122cce75211204e7177a36f50ab289
    SHA512
      17a3e6ccf985a9b4a960fecaddc540c78a4a62a0a6fec5361afee72c14e49024fcbf71f85d369144b85cfa815bf8efd3adce7adc0559c6227985b4bcee7f3cb5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      bfb933fd6803cf9a9cbc2a98a197dadf
    SHA1
      7bb1cc8e5e463d399231d1edf9a360ba2d79d3c6
    SHA256
      c6b8593dcc86f2f2bfba10278f46d5132c2a8ad62eaeeb4080fd098c5442983d
    SHA512
      4da3525f1f6281cd4a900e8cb56c018dd9890dc688a52b7c16509030bf9d1546ac5c5cbf9d054606366df3407fffec491f87f8ebb7a104359d133a6c2926d5e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      ea36a306bec3ec31dd37be0586696fcd
    SHA1
      ce434787a72a9e734f6e2d80c1ac152e318a13d4
    SHA256
      f7babeb09f20aa58efc68fd0d692f8b8e8d0a3ce12f4d1f72357f67920adab84
    SHA512
      92bba9f0152c75a91930c2b131da890f2b7cf7f3925fc6ead381ff25f499484b95e09ad722566085ec9153be78084a958768ad1f3095a16f865c2ee8a64112d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      f44fab2815d0f8c435c19fe6b16b91a2
    SHA1
      36c68d0fff334a975ce5d7b42fad40cad541071b
    SHA256
      abd7aaef671ee0f43194efce49573d80005515a08115696dcdd94b31de1623b7
    SHA512
      a8e439ce7ea6bad67c080821bbd608c005cdb57dffc08710d6a55c547369281fcb2efa58f6b4fe791fc86020358409031cff44210ff1788034161808bb801b86

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      43442a2b1aa4db570502577385ec09ff
    SHA1
      5aadfcfce8c5bc8d3aa5c2f5c1a71b1524f0a3c6
    SHA256
      e2135ccb4d9074883bc6d29ec2735a83b660fafd79e894cf718abd099362c9df
    SHA512
      9e17934baaba7941d8182a7b3140b570818d3b3673c0d0e2ada16139429eb28314f721a62504a2a4b0423686c9748368d3c5355a7f58e0a7abe60d2ebcfc0b77

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      41ec79a48ee64b143eb26cb5f9cd0f82
    SHA1
      c3cf4e235943fd82859ded2e72c4fa700ed54753
    SHA256
      a727f825783b049b32fa2615a10e9366b0f2758bb343b5493965a479615a2ca4
    SHA512
      c590f37ba0262e12452d52ed80243ff55f9d2ff6668863f912dd972729c8d2e34b3a495050c8eab5542fb9ebe82e602782d49aa3e3cbb4cf2fba7a5cfb84db01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      0dbc1929a5b1d32b2eb1d09d67528c2e
    SHA1
      ac44d2213694bed0a34cd4c554db2c52e47dc632
    SHA256
      f0d1e3c9b87cf9b526839c0130ec12799f3cb58675e7fa1c39e0d0d79d9d7b77
    SHA512
      2a3258b506814233e3b948b55e801e7d145573db30e4204c3a4d9f13b7842f8b5f4cb58b4bf00390f2aaa099ef0f17fca69a9a129a64ae2d5acb3dc1d46ebf8d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      b0b15f991a9903dd5190125dcbc991ab
    SHA1
      12b24ed9d5c143112e156bf96290fdb67c2f0826
    SHA256
      5e3b9814eb68267c57f7d1e9852c3d68079d5f4f7a37338e526be88abe56c3e7
    SHA512
      02fea0f096f2a5eea35517bb2f5f14addda37e77e6cf27cd1355f39c09961202e45bf559a4537e910e26a5c304bd7b932ff7f52c18771371bf9ce1d089fbc5b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      046f44aae8127da904713000878db0a7
    SHA1
      2ebecc9e84a7291b112684f097a9426c93164636
    SHA256
      c7e7125ce3b85178a17e3dd942e986617e3251972d82c3f8c13772b39abf2911
    SHA512
      e01bd60ac819645c81faa4fe0b284bf8c788a8849eb3e50243553c1b71331c4a792bedeb6d13bbf37776700f4f584ace32adef5fdc5048d28d565b6be7936ddf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
      342B
    MD5
      b67f64f09f1b780904ec0041fd07ed84
    SHA1
      28e25189437235c344feb5546f68e9da116f47b8
    SHA256
      b6e9bf88cecdda0354b192ea61fae328406406e9984e5b3b7ab6a27416ecf2d9
    SHA512
      cbe89d963a8182f7797b90313a19c87548e8e312cdf2d00c574822eb125959fc65ee165538f95e9bc34d5e6c41186e95e5569e96c14acaf83591dbbb06acdfda

  • C:\Users\Admin\AppData\Local\Temp\CabAA16.tmp
    Filesize
      65KB
    MD5
      ac05d27423a85adc1622c714f2cb6184
    SHA1
      b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256
      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512
      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarAB28.tmp
    Filesize
      181KB
    MD5
      4ea6026cf93ec6338144661bf1202cd1
    SHA1
      a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256
      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512
      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize
      84KB
    MD5
      df455f0fa8fb3fa4e6699ad57ef54db6
    SHA1
      51a06248c251d614d3a81ac9d842ba807204d17c
    SHA256
      15068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
    SHA512
      f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6

  • memory/2624-8-0x000000007702F000-0x0000000077030000-memory.dmp
    Filesize
      4KB

  • memory/2624-9-0x0000000077030000-0x0000000077031000-memory.dmp
    Filesize
      4KB

  • memory/2624-10-0x0000000000280000-0x000000000028F000-memory.dmp
    Filesize
      60KB

  • memory/2624-6-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize
      216KB

  • memory/2624-11-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize
      216KB