Analysis

  • max time kernel
    137s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-05-2024 06:33

General

  • Target

    8637f1bd5c2b0b86d8311e05d268f823_JaffaCakes118.html

  • Size

    154KB

  • MD5

    8637f1bd5c2b0b86d8311e05d268f823

  • SHA1

    7daa98f42c8af52ddd601ce86bbc63e823b44795

  • SHA256

    70f92f993f8f72a885f4c5b6b32ec4399b0a874873d1ba81e6059d81b7bbba83

  • SHA512

    b8f60c9cf308916a7200fe51b31dad143c5e8eefa7795107ab600bc5c6f3a68d53cfb1c64b0115917623ea33a8e1f35fbf4784950dc904a23b1118aa7b691033

  • SSDEEP

    1536:ijRTeCYoh0zUQ5huPMyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:iNR72u0yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8637f1bd5c2b0b86d8311e05d268f823_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1308
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2036
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:560
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:472072 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2288

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f7abc9a3366a348276048c315d60e419

      SHA1

      51e2102a1e063a72bbf9b1a76f05a0ec46c5ee02

      SHA256

      f3f1aea22e1a9ff419c08a97b1aa6630448efdeb45987e5357ae889a68a8ddf3

      SHA512

      29bc33c91cbf8dd6cd56580388d138b2b3775b999ed579f912d78f5b0d0246dd9e7abfe2e106d511859fd4ed4d71de1aec0ed79001cedaeb40ed89557233a035

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      dc07d5e9840c275fadb4616c560be164

      SHA1

      97a8c9b42711ec13b5ec75636d832dd44fe17334

      SHA256

      43d2c8c77d9d26c771e24554293599aacead70e55f0cb8185dc2873312d12c50

      SHA512

      5f4599516f5fda8a93e4b767264de7a3e3f8c77ddc99eb85fd5055332aa92b73091ec5e5707687705824afe667e7f348dbcba17cdf3809274de3ef4b41bcfbf9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      dc2a30cede47f22eb5bd707916faf708

      SHA1

      5d5020ee7fd791d4d4d73765528f8d293c6d1b40

      SHA256

      ba70d159887cf4dde40b2de7c70be4e5e5877c7455ed6b79d1350cd9daad5836

      SHA512

      947d9743228eb102fb8aad71b16dd654a9bd425a71425c0da62566942740dc62e55b766f616129e4b03e73a37bce1c7c9f71d30676448d287d94ab6e48422285

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      493a412cf45d632ebb7d051328c61eaa

      SHA1

      36a451e1d3c0d039792aef07f3fab52cb27c9427

      SHA256

      3b1c1ebc94815c9b4547cce7b2dc528778ed3660ce19b1a1a9ed30a26c273b5c

      SHA512

      b38738b78f78fb4ee063fbde91a426bdf3c6757d8e65df3df63c3776ef5838443bae8159b6718c2502a9e44ab2a1c65fbc78092a8723d2d9b070214ce4552eaf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      dfd91c50ae38fddfe7febd5d9aa319b4

      SHA1

      8e8087dcc629eb1da708bb68072f020974c392b1

      SHA256

      beb3303fdb53cf4fa33eab6902b4e810cf887cb10e51bed22ba4738486456ff6

      SHA512

      5685a96939855b63680ade11527d71ce347d48b3abaacb360b962cf4b16b0ec58bd5be34180b8a2d61c376edee6ca948f3af154fb5f2f062799ed0d9c9830306

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      88cba6b142df2c05ec4da57ea177a403

      SHA1

      db4c3cc678c6eb3b13c9d9cbf1aaf49b19d1df05

      SHA256

      45e7a1cacedd4eba9a31c5b2d3392909b7e202de437f34673636bb43b4b0ae37

      SHA512

      ce13f09a4a1243473f04009f384d2ebd7297e28510bb6935212037d463e7648b911780b329f6cd7a992066fd300cfe97a4392bb7c59621b43a31941501c76d23

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1194dbbef79d8f4295b6baa68b67a353

      SHA1

      6dd7c684638cd0ca3f2a834cfc4e1a1a082556e7

      SHA256

      fb86aa5b63b9d48a8d698a1438b23e2db993ffb92dc8a9f935074aed14b3f2d2

      SHA512

      43c4e12434bee3e500e8829f5adb7f2a799f98b4be13c5157dbd80a6ee48add83532f7a409ad67b001b9ff376c12c64b912e8324771235d56f57abbfd2c405a6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7e88e8fcf4f6cb7c21b77703d6807389

      SHA1

      1e8bcad447e775161195c20fbb020f55bf794080

      SHA256

      6582d8e1e6f6a0ff2893f370300755d4fab5cd54d3ce28f68b5e0c061c8c8ac9

      SHA512

      990bbf3b567f4ac85bd3dec9e0c98cda73657ec5ef48681420834f651cdf7b73c3e66038a90cdadb30b7a0b63e7e5eb6eb577c2b9e19a0c08023a03e87bae52d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      222915e860f2e51c84693cfba84409a8

      SHA1

      b1155f0ffd161b3d30cafd8f62eed31b56ec83fa

      SHA256

      7e8e0e4231a7598520917afdf22e780c863267b33c3e419e861afb01f6ac2d0c

      SHA512

      a40ca8d7a1a88dbb9c41112dfab43a21ff7eb2dc794d4c5de43209915e644918b02cac5b0bbc2ae0962e3a44d0bd056955a0b02e2de77a696637dd6caa513e86

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f2a392e272e7461d174b1a21713c07bf

      SHA1

      d5982eba1089e29d35ac38503890eb619faf4cac

      SHA256

      0665d70c1fa96a0335dd2f258e69e3562b7a6e78e63ad963d976616dcc534eaf

      SHA512

      a5ed735ff3ffa6c6235f0a8b349fba2aa10ce73ad9dbd58c988de8f42eb2d323f47021c3808129ba451bd3fdeba3293bcad8312701b2cd84a518823978f6c20e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f07f9437e2ea212be47d1b9f765d8d58

      SHA1

      6ea02e7e34f1b5f6f205743082775e020c5fcf01

      SHA256

      703153f0b1f229f53c35e2890a8a366b98d98b3a997a0904c73b2859b4d69d72

      SHA512

      e98a0cc3b1fb449e32fc033b970efe62b33d43409f024254bb8da591dc2a79ac9a6c31ece95f4b71f4a2fa535ecfcf598f45595432b2399fa9306a646a2cb57c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ac320caf581e1fd3f743c8b8899e1028

      SHA1

      c22b5292640ac32f08bf606710beb89eb06d130e

      SHA256

      4e2107502b3ee8f30b000cef880ae46f59c6a1964e1118cd26471d8700217710

      SHA512

      4a7def11830ab72ff392276733cd3b44fe7c37dae1ffd616eeae73abf96d671502b0f559c538763c5096d3602bd394e603c0e53471362be275f1e23667837e5e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      aaf07fa4f4803124b4c80efa752d7d68

      SHA1

      11ef351d96f254aeef8d34236793919548143648

      SHA256

      3aa090f649eb769d87d44b901421346ee67efe11a36e05319d785fcc221c0911

      SHA512

      07b3efe126bbf2c1810e96f64c8a14aeda41c4aff092e8cbaee48d165b479edc76d5a504b433f8d253ef13db71b4ad0106b5fd2239c97d7beff0f665d01a3857

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c4e12d1df7fe61bf66c3f839be15bb3d

      SHA1

      7bb0330affbdcf30c88fd2ee6d042875b8456fc1

      SHA256

      496b62e9ff9ec46f32b9b2573d70868a8c22f46fcd3aa0ef088b847d1329d72b

      SHA512

      67620651cdfe399a9cc134a8fcdbb45be969d2345224bdf64a9353a26dfdf5faf3415376a9972314ad97aa435ff464f0cfbcb8bab45f23949deedfc57fa54736

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d91381b267e58b1a18cde1ae3d8ff0ee

      SHA1

      bf53750f072fffe2d0406eb6f7b4beb4a93c1c12

      SHA256

      ff63545ba85fadb06940fb4c4b8ba0bba099f88c3dfbf8aeac1b22bcfb70b599

      SHA512

      ce306f4445d62eeb1670b1cb81829c935de206f52483dd6f5aa5ec3ffdbb3f80d49ad4195d992bb3eaf73e8a1fe6980adafeaec26d59bb149149fd7f2681f67e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a5879fbb86933b3df30bd52581d0f0e8

      SHA1

      e799e2a1b813bcd95e12c9b40e14b821038a76b3

      SHA256

      94445b53212fa55fed2c5fec136c3d2ab37c0d393204640fcefd9d4ea96f24e8

      SHA512

      daa58248ed31d8e09c7c120f7a56f91f3a712120441e517397bbcffaa16159b293a11ba6daf5ca160f182dba62a242e8c267db1c427dde4c75ec9738fe0162c8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d7abf7cf4aaf3eed5cbd494db5d2a473

      SHA1

      f7daeae3bf688e99fc3b3d3707b740019a2c5ff3

      SHA256

      6929a8ae4b5bf7fdb0518906935cd7b450c335be34f88800e5b91e6b7925eb8f

      SHA512

      cc38ece1d9379142237face5d7e4bc6ab62293eb792bae7776b37f6a0025356e17fbe8d4c685d6197e3565cffd48748b9aef30f17117eae36bfaa70e1b5b5006

    • C:\Users\Admin\AppData\Local\Temp\Cab946.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\TarA66.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1308-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1308-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2036-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2036-490-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2036-492-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2036-493-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2036-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2036-496-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB