Analysis

  • max time kernel
    121s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 04:52

General

  • Target

    8605e735f755b19186b654efc2857890_JaffaCakes118.html

  • Size

    153KB

  • MD5

    8605e735f755b19186b654efc2857890

  • SHA1

    3bb02b34a2d93a1db99c9d92fb28effca87f43b3

  • SHA256

    1d69bcbc72a131a4d03aedb66bfc6a0e0f6dbfc97e46f675f12b606cf17a1ed1

  • SHA512

    0c26d3afbe6623f9c5422f91fdca6d5a4ea14b0566d5c952ad23deedb8cc54eb355ef5403cde0d3920a5ba3e15d0790ef4d8c5aaa9da3fcdbdff78674d6f127f

  • SSDEEP

    3072:SeF88KF/2jOmoezbyDWZxKpxV+jM6RyfkMY+BES09JXAnyrZalI+YQ:S56UsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8605e735f755b19186b654efc2857890_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:328
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2660
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2520
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:209933 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2548

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      22d0dccc69f0d14a07500050efa55ef2

      SHA1

      bcbb5cd56715e516bfc386f874c9080ad47d5897

      SHA256

      de5022009e55c1b80500859c88d489a6a3e24a8e56c0d481b7fdb523455d713f

      SHA512

      e67ef219f87970a2180cb055359a8d739edd1fa173bb2b0c1291210845925e39356c049136d74bf52d4a5d301ed2a5f51e8754608cf9591fbc98ba0c2cae5da0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      07b0a0a12e450074f0c805fdfc8628e6

      SHA1

      240474db5c2381524446e99bf45c06aa83b43ae9

      SHA256

      11f99a9da38e88f3f71268e4406fcfcc6a16ba387c317bf436fd9f85b98e7cdb

      SHA512

      5063ddf22ef933d0571c025f859c136b803cc4416e441a107ea3e439f7824c13ec084b0490aab6bd565bc2aa65c1f0d1980d9141b486c8eea29e2e9f4cbc763a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      a007ab62554f5d52ec8190502f92a33a

      SHA1

      8f391774b1a449c21b01f1bd4458be2fec6c2369

      SHA256

      2187b8656f8667d5e55a6c9bacd25a6a957bda539cb04016d1ccd6dfb27aa485

      SHA512

      d9f92945479b5078e45cd2a2bcb8b9bfe0870beb88e0e2a6d920f429669c8d18932ef6db0c7f41309f18729598dc414ccc3c2a15cb2fc70dc46f53430d368b8c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      d0cd7ded44985e9eb3bf6beeeb95a9be

      SHA1

      73d91e6cad69c4c0d4a7adfe3f17e313ad9c824b

      SHA256

      cf392cf390fc999ef69603d87fb6704db2e8067faaa7c5299d0a483c1d7d5bd8

      SHA512

      838309b18db92f4bb128b53d8b4fc8872a81edbf58b0dd0acc834f90325c9aaa5dea073143b651b9a13c4ab02b773c78d94576e5781687d09b258bfb50082205

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      3794d0e58dcb49ea2ebc75bb1b832aa8

      SHA1

      19a47fc7418653591d7dc17a2135c33d626e3c45

      SHA256

      5073cbb495135a047e750b19b1b2b10303a3c7f118dc1f525f42513d8faeb877

      SHA512

      771284c6099d1d6f8ff53fda6e24c335d54b9376aae06d02b3b3f45a78da5fb8e3c8441c05888751dc61ea86780652c338b1430f5423449dd5b9a1a36f37c0b9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      2ee043931b530250039f4ff14a766466

      SHA1

      e36e5dd19ed959c30c482bc24fc9a53800c68042

      SHA256

      3bbd74c866e5605513978aad93d10ded074dd3c6f4d6bbc026c4cbd02a59554b

      SHA512

      394a58f7e416bc5768397fb1da2fa29d3e6c5ac7cf59555eaffe7ca444f2e628abc18f7f0ebfe4b904c103c7494bd526b5cecd62d2719a60e9632227e33d4cd1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      c1dca4bfa2174024d5bd4796fb62b6c5

      SHA1

      9deccd55a8f66413f789f9e8306b374e5d9f9597

      SHA256

      0c931d867570be93f5d1976b14c333311b2b14f37d8a4e5191a6187f2053c943

      SHA512

      bd56a279393959dc611fabf3e1ea32e74859cb8337e21067f0d9df5fe882955ef2294ea23bf971f013bf9e96a5aa841afa8da865a7d4ca6da04a6b770f0bc2be

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      84c4ebc704a3aecfdd2681e40c69771b

      SHA1

      38a36f0a2fa823732cc3f8fe1226cc09efa1a2c0

      SHA256

      5ffe3fc45fcd1fbc55981982759370f0b1e63e2dfb9906d7f5ed421ecc295010

      SHA512

      97ad84f3f041f0cd5d95d11da7b0362f8b19cd2edca4e4db11da985ee784260dfc01046d3dc5c5efadc936184326bdbe1d684369ff3ac4942d6a833403a5f6d2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      c2a77ec288649d2fc5bce1c80ffc6a44

      SHA1

      e014d37f180d8a8cbfd5db30b205acba828f94fe

      SHA256

      0f360fbfcaa17b9397f380e1ca7aef48c2ad5ed5050078c721bf9ea99e827ac3

      SHA512

      d82281b07d0d894a3b0ace21673b1481d479d5f7789ae6f1eea71b7d66e9338e8c1fdee93cc2437b17362423a80cb023d836efc7140c7d44694bbe3e63b85bd5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      2dafd0aa6aa3cf2e4f3caca66471fd30

      SHA1

      b78e29dabe713d2483f91f49631a24bf086ef8c4

      SHA256

      cbcb8d50afb0699aeb656ec63c12b108e3725f84eef781490591c6bd9b14ed94

      SHA512

      68fa912ff72fffd9796ce6e4a54b108446c5eab4e99295ebd8362e09bdf3b4e602853091cb2de39cdb2c7a21dd81dbd620476fa11105ab1a0394e9c986e1cfd0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      8b5af42895c74545c218c60c808ee669

      SHA1

      65168951d9393cb19905ed2432af301df8bac6f9

      SHA256

      d350b764a36172919570e95afc0d9873b24aee9afc70d9b96eb3091644fd63b0

      SHA512

      4c96c799ee44cca9dbb65f6922b7df7bf9fcde14789a85a387e3eb23e2b1ca44ebdda767775bf649bf3e86638e96c5555eee564cdbe9dbc30d6d1d59d533c59a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      69d4585c8e75b14bee77472e025d6d3b

      SHA1

      79128b6b68fde9a05d5b9a800a1c28d45b439bdc

      SHA256

      55390159922faec91d83d8ad7c574d11e3542deec3b5086ec1ed0e7623c74c69

      SHA512

      e706079f66a54434fde42c6027d8eb83f2c9c9f9050ac72de3de67fc36043806cb9405c0625fd9c2c7c5848b46cb704c444ef26b1e21b53f09802d8d25200307

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      183e0be3776536c0892da5a6cd7588ca

      SHA1

      99183db35f2a56734f9908b4e435798d9d31df77

      SHA256

      1ac4b15507b2fecb532d5292413bfb740c51abd5ffd607fa05dbfe7cb2886862

      SHA512

      f061b9c0d9222cf1502ca748a098b563945a4ee034628028113e650ddabfde3e773e08b7880a81221502aa48f81a49c85d3c987bea2eed30a7cffb85699becc0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      bcaa0aa2a5208cd4c6ec40edd195b16c

      SHA1

      f56179b5dd6cd3c0aa84d23228cb1268bd24742c

      SHA256

      57bb0d863d8c178c80faa81405648201cbf68ac1b83e487b7c1ebff389921177

      SHA512

      e84aefd6a0d32dc7a8cb17f7cd236de342610398cb6571310ad17bc2357b3ac034f91714057366e4dda750a6a96c3696c36b77efd77a6a16a80d6f2d86b0a846

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      80cf85fab356d5924eef59ab648adf99

      SHA1

      cfcde2e8741379d125f85620c5cc07f9cd568b2f

      SHA256

      21892fb61d99ab541bb2876452e69cb7db88a14871d5a0c32c33bbd8ecbf353a

      SHA512

      8e68a95fd683d3284349448c90d3d3bb1ffecff7ed5ebab863fac1462bb180e8879e4deed88e7a2701bd2ee85996f518860a9cf168b92e7ea73f775356387681

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      f7cb36460ab0e1e0766334d217e56913

      SHA1

      da419ded8ace4c4d971fda605c1f97cb71a462d3

      SHA256

      64e70229ac4f1ef6b7c3e32e799bbc6f9bf717e42fd872a04a797c1b4e26b61b

      SHA512

      9252c8d4e7b40fb94cc2bb2294882e1f2f6b33b2de91b1349aa34625eebb8bc8729e69993e79b0f3cacfd7a9f01227b9a689fa691c342d8bdd3fc09dd550db26

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      7db53b8abe1157b08f1c249e80b354cd

      SHA1

      a542cb32b2ca1786d12299b836124588afba6e1c

      SHA256

      8bbb4d14531e7fd08bbd0050b28e1c2eb1c755b2b6227c00dbac2c42f029f357

      SHA512

      7e0178ffb1b5197fb02f15d00229129a069f8ef4f9c3628c7a405738038fa63d8949aaca1857cbe6573e7e648b9c60ab1b81773cfc15d34a0f982152f2c08e61

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      ec2001e2631209fd0af4464b6cf41ad8

      SHA1

      f25f3b444dbd32ed209ae4bd7c61b4deadee44dc

      SHA256

      8b5854d115932e67facb46a033ec8982e7583b369f2feb7161fa67d846357610

      SHA512

      84343c4defb85e43f133c3f4fed46a06e9f9ce4c717e318e7506dd625542671a1c5cc8fdae26acdf163203d4bcc512c4f82256d7b7dc815fc3b8674b6ace4397

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      0fddc99f343e9f8ff114271d53bbedbf

      SHA1

      78819f24425ed9912e05f8cb233ac13849cdcaed

      SHA256

      56235d8424ec4d6b9d3c479f65e49d45a4efa85bbf2e7862d31a1c4476c23388

      SHA512

      9406f3b27df7b6ae45cb0c5ffcf8e524997557c04d2ebf889691a4cba69a6e213d92317cba606b9687be450a2ff22c15a5536cc0a95ef64f6446370a7ef31c14

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      fbf03bcc81d06e9482ade767b887f42c

      SHA1

      ca949e087b29dd6eca5f55e3bbbf4c7f625a2253

      SHA256

      8e059499a99d7bb9a478d0dffbc5774d0ba33ad272dd04ab94b7dbbf94b43c6e

      SHA512

      31566880089f9c612b1fb0146299083246dc9069415b57769d86878e16d54e2fab95a7dbe0a0b70a1011120fd4ef9f442be690e95c94fbed7e9b5fb86b756f23

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      2a02dec2c70d856d3a91e61cb0ffeb82

      SHA1

      3839d8c87f5acc803e5614daec11f2b5f5e20720

      SHA256

      6bc6f8dd94937c2f5722c8fbdf63ba5f0fda9d7f50939a66a740dc6bf1e4f6a7

      SHA512

      cf4b377324842949e731cfb21a85d380407adf6211b12c3c24c3bf1b6c1d1ee1f146501ec6ba053251cd6e0e7c9ef4d8046683bbdc1b9ca6e5cdde9ee32ce776

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      10921551ae8a7ddda979c137e755fb5e

      SHA1

      c570fb778422362966e6d63537c386569ea6d69f

      SHA256

      a4db6e8be03eda3c90b215a4eb14e56ddb7789de1d0984482b86717f35395193

      SHA512

      aff295edfb8449fa17274dfa856803a734d24b1b07246682d78b50e80239e48cf869ec336a316c0b53bd9e41b8476072cb4b7de265793f7a5025c8de1f2dbe2c

    • C:\Users\Admin\AppData\Local\Temp\Cab3747.tmp

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\Cab37CA.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar37DC.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2660-18-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2660-16-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2724-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2724-8-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB