Analysis

  • max time kernel
    137s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240221-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    31-05-2024 05:18

General

  • Target

    8613017ab05eb28e5befa6395e157e14_JaffaCakes118.html

  • Size

    156KB

  • MD5

    8613017ab05eb28e5befa6395e157e14

  • SHA1

    ef500be2124e32c2781f0407424273f0bf3d4561

  • SHA256

    d98fc100eb53a24c53829fcee1b2bb2329f9b2b59bfd8ba2168d9ca848b3081d

  • SHA512

    deb50206f83cf3d5dc20c6c3763cc2d58c88a126bb550265fddb47048f49bd3090b033e09e427afa89baca8d89586ea9f740cf687592a3123dc0e19fc278e569

  • SSDEEP

    3072:ifXGLFaAqhyfkMY+BES09JXAnyrZalI+YQ:ifGLFLqksMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family whose variants behave as file-infecting viruses, worms and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
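The report flags four UPX-packed artifacts, and the dropped svchost.exe is 55KB on disk while PID 1912 maps a 184KB image at 0x00400000-0x0042E000, which is what an in-memory unpack looks like. The following added example (not code from the sandbox or the report) shows the static check a triage script would run: parse the PE section table and look for the UPX layout. It goes beyond the page by also covering a "modified UPX" build with renamed sections, which the name check alone misses. The PE images are constructed in-script by build_min_pe so it runs offline; the thresholds (0x1000 virtual size, 7.0 bits/byte) are this example's own.

```python
"""Heuristic UPX-packing check over a PE section table.

Added example, not code from the sandbox or the report: the PE images below
are constructed in-script (build_min_pe) so the check runs offline; the
thresholds (0x1000 virtual size, 7.0 bits/byte) are this example's own.
"""
import math
import random
import struct
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str
    virtual_size: int
    raw_size: int
    data: bytes


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list[Section]:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt          # 4-byte signature + 20-byte COFF header
    out = []
    for i in range(nsec):
        name, vsize, _va, rsize, rptr, *_ = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        out.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, rsize, pe[rptr:rptr + rsize]))
    return out


def upx_indicators(pe: bytes) -> list[str]:
    """Return the UPX-style traits found; an empty list means none."""
    secs = parse_sections(pe)
    reasons = []
    # 1. Stock UPX names its sections UPX0/UPX1; a "modified UPX" trivially renames them.
    if any(s.name.upper().startswith("UPX") for s in secs):
        reasons.append("section names start with UPX")
    # 2. The first section is an empty placeholder on disk that the stub unpacks into.
    if secs and secs[0].raw_size == 0 and secs[0].virtual_size >= 0x1000:
        reasons.append("first section has no raw data but a large virtual size")
    # 3. The second section carries the compressed image, so its entropy is near 8 bits/byte.
    if len(secs) >= 2 and secs[1].raw_size >= 512 and entropy(secs[1].data) > 7.0:
        reasons.append("second section is high-entropy (compressed payload)")
    return reasons


def build_min_pe(sections: list[tuple[str, int, bytes]]) -> bytes:
    """Constructed toy PE32 (DOS header, PE signature, COFF + optional header,
    section table, raw data). Enough for the parser above; not loadable."""
    e_lfanew, size_opt = 0x40, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    headers_len = e_lfanew + 4 + 20 + size_opt + 40 * len(sections)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF                   # file alignment 0x200
    table, payload, va = b"", b"", 0x1000
    for name, vsize, data in sections:
        ptr = raw_ptr + len(payload) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                             vsize, va, len(data), ptr, 0, 0, 0, 0, 0x60000020)
        payload += data
        va += (max(vsize, len(data)) + 0xFFF) & ~0xFFF
    blob = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return blob + b"\0" * (raw_ptr - len(blob)) + payload


_RANDOM_4K = random.Random(7).randbytes(4096)   # stands in for compressed data (constructed)
PACKED_UPX = build_min_pe([("UPX0", 0x20000, b""), ("UPX1", 0x1000, _RANDOM_4K), (".rsrc", 0x200, b"\0" * 512)])
PACKED_RENAMED = build_min_pe([(".text", 0x20000, b""), (".data", 0x1000, _RANDOM_4K), (".rsrc", 0x200, b"\0" * 512)])
CLEAN = build_min_pe([(".text", 0x1000, b"\x90" * 4096), (".data", 0x200, b"A" * 512)])

if __name__ == "__main__":
    for label, pe in (("stock UPX", PACKED_UPX), ("renamed sections", PACKED_RENAMED), ("clean", CLEAN)):
        print(label, "->", upx_indicators(pe) or "no UPX traits")
```

The layout and entropy traits are what survive a renamed-section build, so treat a name match as confirmation rather than the only signal; none of this replaces unpacking the sample, it only tells you the on-disk 55KB is not the code that ran.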

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8613017ab05eb28e5befa6395e157e14_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1912
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1888
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2108
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:537606 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2232
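The chain above is the report's main finding: the HTML opened in Internet Explorer, the protected-mode child (SCODEF/CREDAT) executed an svchost.exe from the user's Temp directory, that binary dropped and ran DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe then started an iexplore.exe with no document argument while the report flags WriteProcessMemory use. The following added example (not code from the sandbox or the report) encodes those four observations as lineage rules over process-creation events. EVENTS is constructed from the tree above (same PIDs, parents, images and command lines); the rule names, path heuristics and name lists are this example's own.

```python
"""Process-tree triage for the drop-and-run chain seen in this report.

Added example, not code from the sandbox or the report. EVENTS is constructed
from the process tree above (same PIDs, parents, images and command lines);
the rule names, path heuristics and name lists are this example's own.
"""
from dataclasses import dataclass
import ntpath
import re


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed from the report's process tree (ppid 0 = parent not in the tree).
EVENTS = [
    ProcEvent(1660, 0, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8613017ab05eb28e5befa6395e157e14_JaffaCakes118.html'),
    ProcEvent(2480, 1660, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2'),
    ProcEvent(1912, 2480, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'),
    ProcEvent(1888, 1912, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
              r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'),
    ProcEvent(2108, 1888, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    ProcEvent(2232, 1660, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:537606 /prefetch:2'),
]

SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
SHELLS = {"explorer.exe", "userinit.exe"}        # parents a browser is normally launched from
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def norm(path: str) -> str:
    return ntpath.normcase(path)                 # lower-case, backslash separators


def base(path: str) -> str:
    return ntpath.basename(norm(path))


def is_user_writable(path: str) -> bool:
    p = norm(path)
    return any(marker in p for marker in USER_WRITABLE)


def has_document_arg(cmdline: str) -> bool:
    """True if anything follows the (quoted) image path, e.g. a URL or file."""
    m = re.match(r'^"[^"]*"\s*(.*)$', cmdline.strip(), re.S)
    if m:
        rest = m.group(1)
    else:
        parts = cmdline.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
    return bool(rest.strip())


def triage(events: list[ProcEvent]) -> list[tuple[int, str]]:
    """Return (pid, rule) pairs for every event that trips a lineage rule."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        name, pname = base(e.image), base(parent.image) if parent else ""
        # R1: a name reserved for %SystemRoot% binaries running from elsewhere (masquerading)
        if name in SYSTEM_BINARIES and not norm(e.image).startswith(SYSTEM_DIRS):
            findings.append((e.pid, "system_binary_name_outside_system_dir"))
        # R2: a browser executing a payload it just wrote to a user-writable path (drop-and-run)
        if pname in BROWSERS and is_user_writable(e.image):
            findings.append((e.pid, "browser_spawned_exe_from_user_writable_path"))
        # R3: something under Program Files started by a process living in a user-writable path
        if parent and is_user_writable(parent.image) and norm(e.image).startswith(PROGRAM_FILES):
            findings.append((e.pid, "program_files_exe_spawned_by_user_writable_parent"))
        # R4: a browser started with nothing to open, by neither a shell nor another browser:
        #     the usual host for code injection into a fresh, trusted-looking process
        if name in BROWSERS and parent and pname not in SHELLS | BROWSERS and not has_document_arg(e.cmdline):
            findings.append((e.pid, "argless_browser_spawned_by_non_shell"))
    return findings


def lineage(events: list[ProcEvent], pid: int) -> list[int]:
    """Root-to-leaf PID chain for pid, stopping at unknown parents or cycles."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = by_pid[pid].ppid
    return chain[::-1]


if __name__ == "__main__":
    for pid, rule in triage(EVENTS):
        print(f"pid {pid}: {rule}  chain={' > '.join(map(str, lineage(EVENTS, pid)))}")
```

Keying on lineage rather than on the file list matters here: the CryptnetUrlCache entries and the Cab*.tmp/Tar*.tmp files under Downloads are what CryptoAPI and WinINet typically write while Internet Explorer fetches certificate chains and revocation data at startup, so they are ordinary browser activity, while the three processes the rules flag (1912, 1888, 2108) are exactly the ones the report marks with Executes dropped EXE, Drops file in Program Files directory and the argument-less iexplore.exe.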

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d6bb6010e358583a7d55330fd33383ff

      SHA1

      54939b5be0e8d9f4a0e21b08af4f959be4f208ef

      SHA256

      aeb708622b14c09574349dda4c9ab800524ac69ceb538b6a4c00310b68cd5094

      SHA512

      2b1433f25745d9f4d48a05f3fdaacc2af71ad6316544fccf236aaac143d2b59da906057aa6266eca1f6766c8c17b04fe66c3db95cff164581620916208884d11

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      98bab5c5a20a1fab473e4fa56b595d05

      SHA1

      4bd2472c7dcf7ee90b08e0e822f32e9d23d6303b

      SHA256

      997c70889eeedfd4d497f8be63aaf517da0422d38fbcac17e626106ca12014e6

      SHA512

      b25a39f2f604817368c03f4edd576c94d58c6af5f2694c4f44213288d56a01aa9c0289efdea743c3fd83c9da36655f9329f93098331dd487589b8eabece0d2b0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b77ba2dfc30097be953265ef2eeb6690

      SHA1

      ee0ddbb630e5d4e08c116bdb273e63eee9f92c00

      SHA256

      34a5b2826c05e846990fa5591e4db1fa40ac531563904ca22604bfa617cc950f

      SHA512

      d39eb4e57beedddc4ed340d3378a004491c7f76f57235cdf16d5b15ade42188c03745d76bd200c85499b6344ddb13c0ea522695ef9cd59788f39be815012e165

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2349389750f3f2b80f3de0b66252aa21

      SHA1

      322726297574fc25205bcb53cf4f0c10ec38ca5d

      SHA256

      ac08acc20190d98849716df4903731b02b73eec3b610ee3153ecdb8d3d100314

      SHA512

      c4e9de5d66bf627c86b1bb263be75cb00a4ed9b5cd2d60f09d3a35ac5d4c3b2e3a58962aa86afe7eefabbdc41d60ab6322ac199595094aaf374ac5b84067f032

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      945153e81608e07dc9d2cc0828800095

      SHA1

      7449329082f64224ff3e15858102f9a3ac27f61b

      SHA256

      32626873ddc1e18252a756b64ec5aab3ad4b012d51c2c7b21646a42de304a3a1

      SHA512

      3b6cbcb42576bade6acbb99ef24189387ce0f093f7bdacd12012bcf37fdac29c2edfe518b7ae3861e393057a128d8fbd346a5996f36ac5f3fea18ef0f9cd619c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      af0b6a87e60848db120f3b61a8f9516b

      SHA1

      c334fd7519ce03f51e64708bb3b018ab5fe642ef

      SHA256

      6fd816bed8ed8bd8dc4b1697b2a2a153d3743581a03640cd452c82b2e135022c

      SHA512

      902b701f1037978d95b5d10b0b20115b71e5b95c2b14fc6f31cccd90ce44a4f1e4c395c9cd4a02f948dd0fdf9fdb08b515f9a95f27f1395a740fd04edfef89d7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      926151db76e3ddf5865ff0124928ac05

      SHA1

      907a18d640733d3b9f502bba470e497ceda35abe

      SHA256

      05bb79e6858bf4b74832d41c562361ad6a9e411d6e6c81fb2840177a0c19d24c

      SHA512

      a8ca878289d4d25b08796ccea0f8397a380552e7778dd1345b60a150cfff34530bcee4aee618a2870c9f063c31dfa1b8ca835d7d280da4bd750dcbec6c5fa0a7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      dbe5983dc677b5e7682d3e9c64438fc5

      SHA1

      71f0853335ee82c4d9d2d79fd0421b802f4e83de

      SHA256

      08ebecbee718ae4f31b9500512531c968cf9642da7bba488293229007d0115bf

      SHA512

      30c550abe641c2de794ae9e6a908f3cd8f74f58476e838ec6a087ba9ef24a28d3d4febc729501b9eb0f38150884ab16973b741e0b1142f15d9319526cbc12d25

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      767be7a0ee77bc46ea624e146342d97e

      SHA1

      0d1e01c83324d101aa1b41e7026e2853ff5898a5

      SHA256

      f3cb3983cd698f8db5d53838c6cb59563a759efcc79f52e48974929d4394990a

      SHA512

      5cfca495122019b0b258f52ad399e2c1b4b6d1d3af2af8f5d7b0d1fb19cf78756be0a6fee628d3ff45bfe0b93266571810903e69deb15b70d93762993925b2c5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2235ed06044fe6dce4735ad4ab8fa849

      SHA1

      8d528b10d63a168923ac23b69107dc56f38c35da

      SHA256

      fd0d6c5d7b43f2d33e0b135061d6ff29d0fa7ab52d2b757c2bc29c3ed91dbf3f

      SHA512

      658c5ed9bced83a21b8db11e4d85899c4b3660ae41c75d43a872f184e4fda33b46a215d4eef9e11e611c30a499de8044f3410b479bd5a5df8286a99f32add789

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bbd9f2b78c148908aac3213d636728ac

      SHA1

      ed08318d623a0d962463b273e3aaca7679829a71

      SHA256

      5e61c7d71425a5d7c720052e93e7b9c998a25dc3d77e1bf668879a8d3ab3cf66

      SHA512

      111073d83051cf6c63dcb8deab4363193243dc444b119f1b27ab90bf3376a39db446570460464334e53037679bc7d8e5c5f03595bcde92cfb866ae693a14aa33

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b7d69d5cb1991d0b940cdb0438d088fa

      SHA1

      7af12209f48c03596d4caad89eaefdd465c35bfc

      SHA256

      c1cf778e5b80d63d2d42ba96db75f4f77d7d5148b40bb553edcfab55e4d7f79a

      SHA512

      4c5ddae358860b407dbd14557a4ca5b01c2e92d0dfc30eeb564b2bea8a8fe4a8931a748ae27e33868e0ffd45006401ca76d8a8aaa7269f02df9a32072e1fc99f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3023d8d729e4c8fefc99579a75178f8c

      SHA1

      91b44109766ed1dbeb1765f8878641dd585b655b

      SHA256

      ba1d0714ce28becba5ff65ddce256637526dc9f3a6cf1083be4f13b4abd7e81c

      SHA512

      5c23d7973f91164dd414c3aefc9188a123016c5a423d92f01c39087270a1cdcba90094f6b2f05b01727af26be8f0ea261cf6b87e6bfde3beb63846c62115ecae

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      eb6281e182fb14bcc7fbba8b0bb7ee5b

      SHA1

      f0a99338a6cfc593b07a0a7a9189bc9b45d88edb

      SHA256

      9a265b1a6f355f8720f7712a05170391aa41cef97379988444d41edac6414133

      SHA512

      e49eb4e34258bc7fc55ae112c74ade341d8834008f4724f911541a09fd25b17dd599ae5581510fe1ef2404a9d85fe1b01de454f068d9f74de4fe2d2e83be5dc7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d731785b63a15ba54b7677d2ec341195

      SHA1

      44d1c324c7c1fe678f58116a0c3b421e0cdae8ce

      SHA256

      4976a20a50685a20b7587eeccc99c5a3f232c4df047998b2d0416d51d32b8eb5

      SHA512

      2b5a7243ec12f5aac56c05dd20e0c99bf7a7ebea33b11743870181ee657908628ecb413ffc9a1c2ac253871e636e2a2b64dbf6a402cc37ad8b386d69458d07b1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      eec28b086d3f361c5f0280d2549aadac

      SHA1

      9a9031dffe1ee8aea1dc2a0ccfdf81375bef1f22

      SHA256

      bb710a84eae7e8ccd907dcf2e1a5a05b916851040e7e4c3519bcfe2b7d7872e8

      SHA512

      f2b6bf264ccc00f738bf6eee1b0972baa74b2490b2528b47530ed69234b5c61ff18cee0acf992e52f6e07b73bc0b4e0e1c4a6cc2b9dfa7530153e4d87fa64cc9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8efcbe5967e7ea045269d8d6f9c533f2

      SHA1

      a37f47ee0c48e81027b32e7a5a6d5236ac42b83f

      SHA256

      8794fb4b84182312f11ed3243fd955b51fe1541e9f613a0bde16fa52aefbd9df

      SHA512

      a6771f7a978b05c0994f053dda5432d8b5233218364d813fb9414931ca33fe4976c6e690d4a9212007e4b25151ee6f56ee4413095cf2592e83f220e919351c16

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      92f01bc1c890bc1c627d5ba575ac5ec4

      SHA1

      54af6f82596d672656cda23684864204b45cdb88

      SHA256

      3bbd3e5f6b77a0134285740860358d4410143f6c194cab2f09c7672a9f0cc1ab

      SHA512

      c23bf4fdeae771e7a63c75d2cb5de46c309a628034196490c45dc3caaa6c734e08a92ee0db1592d7935d490db46b1ef366ea2d5f5fdeba862928b4831c1caf7e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bb35fb73269c92fed9e9bdc42ac6c10d

      SHA1

      93f4169894d3215f91369f88699438dfa162b07c

      SHA256

      b8e577a1329cef168cbb40aa97bf02f7e507fd5c1686c080f5840716cb4769fa

      SHA512

      ae8950f3404ea4d48f06ed19e59b596634ef0b63c41d11c20201364a4547dc39624d3086e023fe140369b778868dad83c9ccb1c29ccbf199724cf03e47ccdb23

    • C:\Users\Admin\AppData\Local\Temp\Cab11ED.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar12CF.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1888-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1888-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1888-491-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1912-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1912-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB