Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 05:09

General

  • Target

    860ef4ee601e04cf718b803d396d2a73_JaffaCakes118.exe

  • Size

    976KB

  • MD5

    860ef4ee601e04cf718b803d396d2a73

  • SHA1

    d727cc9b9e6f9eb61bf0570b40bfad24b5020967

  • SHA256

    81d3c02b7213337dfb139caeaa1a297ecb8a9e752fc2fc92b3210b63dba4d2cc

  • SHA512

    e149ebab0c4b65ac964a4a5e2b8800b9b59ba88d82f17b2d359e5f15c0c56bb3ef69fa0ff68b8f5883f019a055bc4ab6e0ef36009be368a676fffd7702e01493

  • SSDEEP

    12288:aeqRBeM+sL8E4bLwpkfSftu3rlskpp2D/SMZoS2b7HoLP:aeWBME6LekaFu7lsGp2GMaIb

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 31 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\860ef4ee601e04cf718b803d396d2a73_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\860ef4ee601e04cf718b803d396d2a73_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Users\Admin\AppData\Local\Temp\860ef4ee601e04cf718b803d396d2a73_JaffaCakes118Srv.exe
      C:\Users\Admin\AppData\Local\Temp\860ef4ee601e04cf718b803d396d2a73_JaffaCakes118Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1460
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2556
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2368
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2924

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1e0511b7d2c0fa38b12c6b8c556b8c11

    SHA1

    f0032aeaf6f568c306a6e9a2b56754ff2ef8f637

    SHA256

    bfd092d1b9b5c9bfa098254192c5c12d8f8fb1c5298e92cc6cf2bd6b0627bd67

    SHA512

    355fb6cf14265837ead17dc33198396a09b993cc57a9e0af3a619178b2a4eaed9ec82924b6b05ab873fb2b313096839c53c93d738bb811bc6ceff0c2bf790262

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2491138e3115f741c1441f5f3b398956

    SHA1

    0885c413fd1f588d60eaee3ff757937035e5548e

    SHA256

    5b595f5dc90808a9cb73428a73e5effd61c9488892453169ced6d28adbb44fd9

    SHA512

    d5f84f28a9e469b1882cbea114caa83cc292b29fb358055ea068b21f7f924f12d9b56ac783fb092ee371d239c46f8e8fb716258f4d65654e5903b0fba651b915

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    201ce1a0ded2fc07ec09dc93902d6b13

    SHA1

    e048cd156ec23c0ed39c9bee3819536d77874079

    SHA256

    652e24cd0b01b8cec7f2bb1b274f66a1a575d282d20953657ad0f68bfe0e8792

    SHA512

    7ba071ca5af004e788263cda2f00b228f0278263721621468a88f5287444c69dee34c639127707e6e4d4b5307f5a22089f54176f187b0c1753f92674c8c3be6d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bb1dc27b0799e30f60e5021e629075ae

    SHA1

    f4fbdc3e46eb415c857508adefd5e1c8bd39b9ea

    SHA256

    2190fd7c5e89c709e4a2c17de35a3d26cfe958fe3084864ddb55c8938971b547

    SHA512

    3782fe01163b00aad6d397bcb724ce6f63764ee8ec4e1cdf54be431f4c1532edd601092fc1389b2ce799f8c9a87a1c8f1908288a2237d007c10e05cc8b7ed495

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f72e9a359ceb66ed8b1cfed979ab2037

    SHA1

    7c56709a802c5f7979cad2da75315c289e0b3215

    SHA256

    53b3fc2df807542dd1fd6b3d558624783ec03fdc3e5a1fd06f448c854d1a9f6c

    SHA512

    01d25c4ecbd3eadd2940b1c6b6981be5641504b9883063f1462252c0bce8ac293769a3ee8f4c2baba9682521120744b9949304ac8429b64756e6ab0255900173

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    35dc7bda689914d6aae6fbec92fde2a3

    SHA1

    3e2a28275db0db4b222c88d66126915169381f34

    SHA256

    144df838cbc99b05c5b64185904947865660d133bc101a21b9081bc33a871515

    SHA512

    81b33a6f9716adb60f4485c8a45926d72913b44b5ece1bb68d83445717614e011c8c7e5db3b4e069ccb11c2146ed4b764982991fb40d4bf94177cb6d248f44e1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a3f929dc3db422d53ce98d39d983dbe

    SHA1

    f2a945b1492651032f980c98edc3a425ce50e3a4

    SHA256

    b2ebbe8830f2a7f6c946982d23f8dfd19a04ba8f501695d2eded0627a605ad3c

    SHA512

    ad35a099916507c80a5bde55bdc858883076c53f4cecb08f8fa569c08f65a91e91be2a8084162334013ae1a8f148048a17691095e09efa54a8fb5b19d91551e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b3d09d26150d7a3a30e3d8689ea30380

    SHA1

    be708e11d9a84bbc51cca99ecb4780d30c7f875b

    SHA256

    0cae09561445da88d75c397f62166dba48b5b297a26ae0f6062adbf8813df6c9

    SHA512

    a656b1e98ff37d14817aa58268a24d6a4efb652e10ec191dcdaa7e6ee8251cf85bcb3069cde3c8e93d2bb5c7f4fbc16cf1e1bb48012e53af08433676f997a685

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    52bacbdac33d9e7addf07b65d5ae2ecf

    SHA1

    defc46d7dc5ff77d5a804feb7e98e95163c351d9

    SHA256

    a0d6a21dd95819d0c355fb3f519d48a7dee140d73b70c93374db3b3266f9cdab

    SHA512

    4eeace078cc318f6ac5e2c84305d2e79aab008cdb96c07dbf8b36c6e87334197859a70f1753b670b39862ba908ae5eed2e6017c6387fe4ab34f068b9c8f4b37a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0fb13776af1d92bdc82f19bf0730e96c

    SHA1

    def2955aeedb5d57f49fb1ab6d971fe26fbaba62

    SHA256

    9ca1cb069c2762b97160e5d73fc1b3e29a2572d2fd17785bd7454956b6780d80

    SHA512

    595c7757699a70e1acad624b6512dea1549bc6befd3a276a0aafa3b3dd9f37735cafe5d1e97158199e5aa321a862ac86ed2fe3f89976583a7079ee6e8e34804b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3ab2a4b816d652b4feb1772e0c120159

    SHA1

    1de8e8e5e9871b0fcdf68aab937dd83f3f4a391d

    SHA256

    06fb75aaec446b506ebdb679394caaf5b9cea839e8ef7aefd04c14af6ee705cd

    SHA512

    8889201217c7d2c432637623f296570f9cfb36c209af85daae2afc6a4b1a61df82b97f172e6cdf6ce2729aa72a64c7079f071ec6d6c9be42bc88260e1e1fb249

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    31d640c0ef07f0cb04562a1764e5fa51

    SHA1

    254ca86b2186c3b3315708300b146e9e213a2008

    SHA256

    80972fbc848b68066a6ee95f2f6d21afc29d701d5e24592095f0dfa07a92a288

    SHA512

    91c5902608ae7097bbeda6fb2f1885a4ef04d0d544d82e0a122b20c3270a976825434e3c1bf80c34f975b9ec9c80d6875fa651c4845c4ca1ae38574296448513

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e45315dec5ae38b86db248d5fa61f7d5

    SHA1

    619394b968e7d395102171f036f44e4ab213688c

    SHA256

    20caf10d6a2d0e80f3f409cabf4534a2d0e3d976d499253a5965fa767159d8d8

    SHA512

    0bd0ed4e580c94ffa113d974c5272f2216794f71c72aeec0929de68ca74b526a73dba9655595d6ae8e90d1879d212eb93d5d7ab18edb87c0fa9b214afa56565f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fdba6db3d86edb399992026a6461982a

    SHA1

    a8993cf96e793ee52f9078f3b52957fd624679c2

    SHA256

    bf6adbdb27211060380eab69e1240a5a314a9e409d708a53e2d467078e8130ce

    SHA512

    b0f883c5c9df8d143e561dd13d3a830b873a79fced922cdef0a4e244968298a5a896cd4556d41d92e843b42bca303048756ecb23a68ae9b6045e4872498bf267

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    94b7ad2e173a1aab2bd61427cda79be0

    SHA1

    f812c48694fb923eb694aa81c136b783c5fdd9ee

    SHA256

    633464abaddf6da285eb64b87170f18e421a81bfb8931631dbf070fc179077c7

    SHA512

    c466a1d160643ba469c57762c19d16e4ee5b4fcb86d9e1bc130bac6e6ed3186354ddb947f62caf59d5adf79136f256fd689e0cfa1622269a6eac75425ff9c5d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e04a6b02b814344197d6cec992d1bd78

    SHA1

    55fe5950085ac034a66bea66de3909c4c7a4b576

    SHA256

    d2cb3ea4747aebfc9e1469fe85a586bb054dd7d6bdcf0514503f60ddd8603444

    SHA512

    b246349060a0ada0f337025e7631d12ea8015cfc34e517ed355cf13f41e6ac5998b2805465d08854a918629bbdd735268b4b7a50a2ed0dab3934956d09e32407

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e6f4a5465885b8dc5539541c8a5f65c7

    SHA1

    cf0acd1ce000b53e5eb0d8080720241aaed8d0db

    SHA256

    bfffb335ab6596a90c78eee2ea6f7d4a7cca060af1f2073c8a35ae206f54b796

    SHA512

    3c2e52b6319f3646aade2a64e9d732e6d2864e5069942134915a033f8539564f55e2c7a455c5359ec36c7e95b4762eef5ac6f94c6b807505fd1eec0381e059b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    914bda9351108f090f31cbc1b75751f8

    SHA1

    c1be3dede0f6e114394f6b846d1da981f9856f5f

    SHA256

    efdb789a2235853744c5cba15b88a81cb45d3669621c2cbf945b9390d619c421

    SHA512

    f5905e50157fd40f1d6481108d0ee90c91f90f2c63d556dd0ed0a4432e3fc35b0ec189222f5e8ade64fdc74dedb1c3c89534f3e01fa0cfc00acd20e9a2308f93

  • C:\Users\Admin\AppData\Local\Temp\860ef4ee601e04cf718b803d396d2a73_JaffaCakes118Srv.exe

    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • C:\Users\Admin\AppData\Local\Temp\Cab29C1.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar2AC2.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1460-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2100-54-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-46-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-33-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-5-0x0000000000250000-0x000000000027E000-memory.dmp

    Filesize

    184KB

  • memory/2100-27-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-25-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-23-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-19-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-17-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-10-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-7-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-72-0x0000000000400000-0x0000000000523000-memory.dmp

    Filesize

    1.1MB

  • memory/2100-36-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-38-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-40-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-42-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-44-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-3-0x0000000000400000-0x0000000000523000-memory.dmp

    Filesize

    1.1MB

  • memory/2100-50-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-71-0x0000000000400000-0x0000000000523000-memory.dmp

    Filesize

    1.1MB

  • memory/2100-52-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-56-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-58-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-60-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-547-0x0000000000250000-0x000000000027E000-memory.dmp

    Filesize

    184KB

  • memory/2100-548-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-549-0x0000000000400000-0x0000000000523000-memory.dmp

    Filesize

    1.1MB

  • memory/2100-63-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-14-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-48-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-13-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2100-11-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/2556-68-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2556-65-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/2556-35-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2556-66-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB