Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 04:55

General

  • Target

    860800d3e30d660f4abf395860d082cf_JaffaCakes118.html

  • Size

    189KB

  • MD5

    860800d3e30d660f4abf395860d082cf

  • SHA1

    5f9331bbd021b6b1733d02d097f39bb865e9fde8

  • SHA256

    ceb72d9eb653d4f61582ddda8e545935e5a9ed56aa542e21ab93052612487d73

  • SHA512

    14ae013a8a3368e46eb75f8b80372793a53f8181de9dcc465606bd5e0224f08d7e1ffc55d1f9e11896622c3c3b4001fa99520b8704bf2e7cec53286210f5bf5a

  • SSDEEP

    3072:zf/ECHKtQxyf8fYtCTkglHRsnyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:zfMf8f7k4sMYod+X3oI+YS1tA8

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
    PID:388
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
        PID:484
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
            PID:620
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                PID:2404
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k RPCSS
            3⤵
            PID:700
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            3⤵
            PID:772
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            3⤵
            PID:836
              • C:\Windows\system32\Dwm.exe
                "C:\Windows\system32\Dwm.exe"
                4⤵
                PID:1172
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs
            3⤵
            PID:872
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalService
            3⤵
            PID:1000
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            3⤵
            PID:300
          • C:\Windows\System32\spoolsv.exe
            C:\Windows\System32\spoolsv.exe
            3⤵
            PID:1032
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            3⤵
            PID:1088
          • C:\Windows\system32\taskhost.exe
            "taskhost.exe"
            3⤵
            PID:1124
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            3⤵
            PID:2336
          • C:\Windows\system32\sppsvc.exe
            C:\Windows\system32\sppsvc.exe
            3⤵
            PID:2160
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        2⤵
        PID:492
      • C:\Windows\system32\lsm.exe
        C:\Windows\system32\lsm.exe
        2⤵
        PID:504
  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
    PID:396
  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
    PID:436
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:1228
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\860800d3e30d660f4abf395860d082cf_JaffaCakes118.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2076
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
            3⤵
            • Loads dropped DLL
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1748
              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                4⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: MapViewOfSection
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2536

Network

MITRE ATT&CK Enterprise v15


Downloads


  • \Users\Admin\AppData\Local\Temp\svchost.exe

    Filesize

    84KB

    MD5

    df455f0fa8fb3fa4e6699ad57ef54db6

    SHA1

    51a06248c251d614d3a81ac9d842ba807204d17c

    SHA256

    15068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1

    SHA512

    f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6

  • memory/2536-8-0x000000007755F000-0x0000000077560000-memory.dmp

    Filesize

    4KB

  • memory/2536-9-0x0000000077560000-0x0000000077561000-memory.dmp

    Filesize

    4KB

  • memory/2536-10-0x00000000001D0000-0x00000000001DF000-memory.dmp

    Filesize

    60KB

  • memory/2536-12-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB

  • memory/2536-6-0x0000000000400000-0x0000000000436000-memory.dmp

    Filesize

    216KB