Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
03-06-2024 23:30
General
-
Target
92fb99d2f900507fce342513f4a20202_JaffaCakes118.html
-
Size
185KB
-
MD5
92fb99d2f900507fce342513f4a20202
-
SHA1
ecfffb204dbed8d8906415034b2acf793a99be9d
-
SHA256
129f15b457e45f1e4ac4d096fc7b267862c1311e9994eeffa63e377df14bde40
-
SHA512
a04f473dffb8d0bf658c7755f3445228b646571609cc2b3ca3bf3b9c2a5cf6d5a5970fa02c2640ba129b86262b5d18f2c71e9bdcd6eb6911aa669a12e922b0eb
-
SSDEEP
3072:k9DZg8PyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:k9DZ3asMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92fb99d2f900507fce342513f4a20202_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
342B
MD5109250fc8743419d39f994b9147b873f
SHA11ffbff51ff8142d6c4ff96f7dc28171894729471
SHA256efdd628097856bbc6bf07476327a9b3bfcae28c312040d8df3fffbef5ca2edfe
SHA512f689a7ecca27f359218f96782715f96c704b499c78459ec0bfb81722643dc24e24420ec1045f59eb85ddac1255ae583c7e21a6cc9252a2a19bedfb6ef1baf379
-
Filesize
342B
MD5828e4bcf052f59328328f3a623269ea3
SHA12d7601bdf5811725ec00834d7a5b368147c013c0
SHA256bd0834b117435cd392aa8ac517019e7f7c7c151d93dc1101ff719354d6b68376
SHA512fd746a9cabb1ecd9ef88dda207643bb12d217b6dd07a80aa48387a57756a1cd07055f06f0bbd9951d92e433f6db27d04a9d93d5898ae421a7046afdd86875c1b
-
Filesize
342B
MD5167560a9632b2a860f41071479bf528e
SHA105c462922b51ba3b9c5562935c55241109e80fc6
SHA25641629527ea16dcf20e7dc2585a4331773811bc77f3992ab846e14f855c9a2f45
SHA512f496934ad59e15f3bf9a6f0f79d3f30a8ac5b84c83548b3deec5309869583b5a15f7f46dce0931d62d8f4b3dd636bb59ff8f868f556ad6c39961093c6ac88c0f
-
Filesize
342B
MD503f2f9946fc07be5bd9e81c9d16ab219
SHA17d7df3d9ad3eafe24ec82ce8cf2efec7a3e85223
SHA256d612d094401c0abed11671ff9e325a82c451933d54c75138cf26c575b0d024ef
SHA5121ac46e21c1e0417b3c648741bc06cdc65e8d9153e0261fae00c9ce8cacc226d76b740781f5936243546a4de1c34fcb94a2ece5830ed44ab6b3833a87e4c33c86
-
Filesize
342B
MD5f50f4caa5fa64f05f3d4080e169b3a2e
SHA1b64edf413d37245a937a4279486d85faafe4aa5a
SHA256eb4366792a966af22fb977ee3dd220c441095a4c125cb1123838f28d7fb3838d
SHA51291f7939eab2c20476e7eabdec4a4dcb5e27860d86d2497839336e24788cf9f48a32e6ca79e7bcc8feb3cc3b3faba6b1735634128518062d11e729e7248a56ef7
-
Filesize
342B
MD5353d61f29ca2ce7ccd191a8a452e2819
SHA1c842264325cb1948032b0b7355af81ba14b4b46c
SHA256adb917419ea5d37ceb1b6f87be113314317e94124f40a377dab1048be43ac520
SHA5123103ef488723c251115cc2acdf8fa8fff1a3d2360ca6539318ce8d4a7d8a80d2c655f9431303bf3a5acf55a038d781bb6c01a63e285d18a6608146e1e9a00a66
-
Filesize
342B
MD50910200577f72e0e713f95bc8407644a
SHA14d724a4c03bc9126eca26bf91c114ee12ac6a267
SHA2564a2cb386bc16dcef191aa992970d6e838c1abfc17ca77ac98bfc26e89c58ac49
SHA512236e46d1a345a9cb8a60d1728afc38a5f4b7f14ec08431f9e4cc786917cf6d32e1d332cf077263638cfbb9193e681c0a1704d314e37b9b87ab2a40f294726db3
-
Filesize
342B
MD5e14a67ecbdf95e5176aa434f162c9794
SHA14d7ed9d8c4dac059922f0441ac5cec1aeac95968
SHA256cf2b4875b93ac5f049c7d428afb4990aece4069ac387738cd892bc2e5fb6a137
SHA512ce450fe0147a0d3c25e46acef9175aa83d8e06c367175b56a39b0ec3640abf1e7335cf2c177c2b7f2a5a8f28ad347c0ce337c46cef584e171aecb7e1eb1a30c9
-
Filesize
342B
MD50a8091925d682a0cfae6e1a22d5389c0
SHA1fc40346e47806f3e6006dcce613964f820e251b8
SHA256a094abda97f342a89dd602a20039c33778779de05d768b18c4f402cdddaca96e
SHA5126797182a87a1bb4dc9a9b8ca5d4d8bc651df56745bc56c871a9a2b7208577abb6572e3fc019b5362b779c579fbf6d8f96f4b6cdeb004c766ff4706b1c16aec40
-
Filesize
342B
MD570d653f0b3bf3e0fdeee06d4515ff8c4
SHA10daa16831abc9ec9fc810c0cabae8bb75488813b
SHA2564e204200838561694ab51f373d8e705befcaf9515420aaba625534777e09e3e5
SHA51284e1552ba864797260625e0f1091189212aee93c4039fc0c0671d4def21a194c2fd4258caf20fd6a7ac07837e29ed844468522d4164be70ed5736ee0f0f79c03
-
Filesize
342B
MD5442556d430a926a80efe8d69fc3b1bbd
SHA13fc732162fe484420786cc43e3e658468570249d
SHA2566d63a896217dec2434f3d2bb20bd279b56796cce7f75284de5b041cb0e35f39c
SHA5128e9ed3285899ded124332d1895a8b2649ddecb893d8d03a99b98a716d0c98b191db9856197b14b59bdbf73afcf9ead7dc7d476179f3a348e45320cd6407dea6f
-
Filesize
342B
MD50e45a3a2e57a95195a4f125a66cb3ebf
SHA14d8d8c08e41eef28fa41424c0ab76a9b9ca09670
SHA2561e11fd05193f399dc923e5260138ba64998fa8cc84d520f8bf84e2a2169ceccb
SHA51204f03e9942ead761a586d6a06d9a1dfe1ebfcf6a603b16e9222f2bb3c7d5b89850ee299bdbf41e2ce94bdcbe84e16e4275c79853d4cff8244996b85c59b68dee
-
Filesize
342B
MD532686bfb764a722b72120e232973559b
SHA183466398cc768a7875450616c230e339c292d0ff
SHA256108b50f0924781e6b6cf8e33643ca06f5b254b1433de475d14aee1d64bd3069e
SHA51270290c7390347a6a21773953e8f1f0f9c5790dda041d4c4fa28a9e3328c071aaf5dd0fb36627b97220d9b34e810f160855e265d066533bff45760eedb367a036
-
Filesize
342B
MD5d1fcd0e11fcb686e2d3d498cd543857c
SHA1749c90e34c2702be39ab563ecfa63275a4d09e3b
SHA2564b769b06f6999df672be439f2e9d90c5b357e86f17b7e1894e74c5583aeb63ce
SHA512bc7f8713559ffacfc821cf69489bbe1d733f68ec5254ef0c4f1b40153598d84a783752ee366858bc80a2323d10e8031f0cd3335ed25054a6eb13253d1afa16be
-
Filesize
342B
MD5acd2f4a098258340b5f8f5e5016f9c40
SHA1b987c4ae9afea05da827e4109f0873aeab60756d
SHA256d39a64dd68024ee0d753825707827ba459d41c78e4d00167e0b3e3b6c11f4d9d
SHA512715747d738ecab90f1a6b1a30bea4c540bc17a9e1b244259d4972f17440c867840047dac80201152b13b8d28441839b5a9df2660e8a5a3dba0913cce7d124c03
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
Filesize
216KB
-
Filesize
216KB