Analysis

  • max time kernel
    136s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-06-2024 07:10

General

  • Target

    89b4848e2dd001a183a1e420be5dea57_JaffaCakes118.html

  • Size

    157KB

  • MD5

    89b4848e2dd001a183a1e420be5dea57

  • SHA1

    8bbdaac5eca4aef42d83cc810947e429df09c54c

  • SHA256

    93079f3d1ead4fd102c63ebb22eadf0947b361839cefcf7f8d8641917c2c3646

  • SHA512

    b1b13ef4f51ef8c08f09d2d7b9dac63929daaf7c46cb68612a1d68e19246907a05de905f13f39bcaebabaa90240343857e00964cb5a643de34586bab1af670f5

  • SSDEEP

    1536:i/RTIWchwDhsamyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:iRAShsamyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file infectors (viruses), worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\89b4848e2dd001a183a1e420be5dea57_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1268
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:388
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2116
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:603146 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2912

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2f74777b66683abec1656352eb1f6a61

      SHA1

      c4149d127413843dc2efdd286782fff673c64130

      SHA256

      bdb20255b2697efea3e9eef7c890caeaff6c078beefa588be6deee3d787b490a

      SHA512

      a73d9c1dbcf6e20593f3484a8abc8dddcfb71686dfa969f5520b501a571f991ad9249fbaa9594a6900c4c92a2d4d3a9f3041c8f1d83cbfcf47f58127ef59fba5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cc0e019d692fe78a8656c38a252dc181

      SHA1

      e7714baafaa450590392b902783ebb07b913592d

      SHA256

      aef9d42438f674e013ba26b0d277c754265fa460b516b4dfb757bed0686cd560

      SHA512

      8405633617ba7de98d51c3d6f59370866ba5d6d888c073b6cd8860eafa01c61986ba3644d39881c0507ca99b872c752e16744ad3df7fe35f7c3c4468ed4f9c22

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b92110b3e5be70659e54a98985baa504

      SHA1

      2ac6e1e2abdb91c7360a497354829f32fbd9d406

      SHA256

      7b76d5545e0ee6e96f23b8aec3ec370e9725b2bb8a65915817f6d0f0f44d1316

      SHA512

      35282ac571a48fdbd024ddccb53ece8c7f7a5178f7188c5fd2f5944fcbc1eb03e8447de1dfc8c26bf322f604f5731e172eb86063a98835cbae7a1cfa24209ada

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fb5b3741e000d0104aa855dc1ad3c4e9

      SHA1

      3209123304db89a03aa018d358e18fa384746249

      SHA256

      0f79078d58af40666454606910b899663bab5815c6abf17f43921de7bef8c70b

      SHA512

      13e98e7bcd67e087292b753d7ca5809e3fc1db6e3885aa5579494b8550c201f9d2d4dd903d176696ac44a007b8ee4de3f5178f7537c5e2a716117b00254ceaba

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5f617caf7fbbf344372070ad180b22fc

      SHA1

      02995438cd1647b0c7cc059be335e00c88df3884

      SHA256

      638f9cc08fb71ccefb7401a39e061cf8dcce50d894de72581b5b122970b8bb0f

      SHA512

      b27a62390880efb6e7747c77c6bab31498671fdf266ff51f55a496886e6168c4b21269fadd3b49045d5e2e96175ede42c389657d396715dcb0e4a63358c42468

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      94dc3445a01598ec336c1193ed03307b

      SHA1

      5f7b1cc512126912555bee03cbf4685bfd27da4f

      SHA256

      59217432a00000a32fe177313eea9492b35a224ca891dd3e830efef80cfc0032

      SHA512

      7c1fad8f9186f84871267112a7e1617e9e389d629af4af51e6b0b6f348d3339aa487f5bebdc4f18306f1a757ab247bdef4453a6a1277cfbbea0cf34d84ce62cc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ba41a2f7dacc4a337b669e4f0b20e3ba

      SHA1

      791f831e7dc4539a348b71f33b2805b3cb7d53b4

      SHA256

      c7868c6ac1390766ece95d668f62ed5caec4ac130d46e18b98513236e64decd3

      SHA512

      da011a3c8f494dcd1875d9907a48c2f7af967dcf748242f4ea04aefd4812585121b84799fe18ae98ea7dff68566b7c95d83854d7e2dffe7d75a3f7f6bfd87988

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5c35df4406b86573e5f822340c69d8cb

      SHA1

      f8a446e69794c91b40388127f1207bce0d778ce6

      SHA256

      9bc1dba66499ecae0a0a1784c48e501271e2ad5ebf4dc9f1a097f07140b51d10

      SHA512

      0345f2f62460826878ee6b574da099c8690812b77a6f946b5aac62df1adf8e5e5b92320602d136bc9aac4aa5b965410b7fcab6b2a2fc797b2ace44b5f479facf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      16300d21986dda9f75e78ac284837eee

      SHA1

      de3bc1d69f96e7d105c715816f8130587a3c64e0

      SHA256

      096ca759b7215aef1b91ae7c6ba1582948bb3538fe4b33d8cc72d916b7bd3c8d

      SHA512

      f30ec1768ae9353b490feb7e989550fed883a4c4cde168a9433c2c4ac54c68297e9f0dc51b5ec5b4c5ef527a05de631ed640b236574252626d2121b19716754d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8632dd6c74d8e32f9e92f136e5ff6643

      SHA1

      dc2495a718a9f11b40864afc6c80d1de09bb1a5c

      SHA256

      8ec2def81c752b675dfb161200f7596579d86af051d705cfe5f80100f89506bb

      SHA512

      59fa9d9d3647a878a829c5829847389d625be7e898e875b4ad19c21ac53103ec61280f31c1f24fe50b229d84c9010b8c691130de0ca21a96912dd4aa9ae0dced

    • C:\Users\Admin\AppData\Local\Temp\CabCCA3.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\TarCF3A.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/388-482-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

    • memory/388-483-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/388-480-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2116-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2116-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2116-492-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2116-490-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB