Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 06:07

General

  • Target

    862c977eee6193ab46f2779a7e7e99f1_JaffaCakes118.html

  • Size

    135KB

  • MD5

    862c977eee6193ab46f2779a7e7e99f1

  • SHA1

    1df2e0cfb9559d9f34ebfd3e81a855f9239f0540

  • SHA256

    81a8dbf3449cecbf8f48d102271c4d289a3fc52edd6c7786115bbd0928bfe556

  • SHA512

    7755691cb53e9a3dbf31f23ab8a9964ee33cc461830dff494f84a9c072e6d30fb1abb6d88b0e15e95095aac9cb578796c518fe8a5807457d25a2fac1a7024f7f

  • SSDEEP

    1536:S0hbShcMzOyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:S0hbdMzOyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (5 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (depth 1, PID 2792)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\862c977eee6193ab46f2779a7e7e99f1_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, PID 1284)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe (depth 3, PID 1644)
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe (depth 4, PID 696)
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          • C:\Program Files\Internet Explorer\iexplore.exe (depth 5, PID 2804)
            "C:\Program Files\Internet Explorer\iexplore.exe"
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, PID 2952)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:209939 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\CabE3CD.tmp

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\CabE42D.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarE441.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/696-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/696-15-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/696-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/696-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1644-9-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

    • memory/1644-8-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB