Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 09:09

General

  • Target

    913bff4c78e9b149c6391d7f9d98c90c_JaffaCakes118.html

  • Size

    184KB

  • MD5

    913bff4c78e9b149c6391d7f9d98c90c

  • SHA1

    fa156aad16cb1767078cb9af6f532098d43ca6ab

  • SHA256

    53666aaf128c481dac4051ee42a02e2021b26d9b41430d72a5f41809aed24582

  • SHA512

    8ce8b7fb3dbd5c099e6f292a4bcf4f532983b320c54a467e13895924d949d766de3fdeb0755d3cd980d51699ece238fd739dacf603f2ea3a222a3b3529a39806

  • SSDEEP

    3072:ZoXyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFis:tsMYod+X3oI+Yn86/U9jFis

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\913bff4c78e9b149c6391d7f9d98c90c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2492
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1776
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2368
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:537609 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2424

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      aab525eb57a0992af122a46f27416581

      SHA1

      93097964d9cce9ea2fc7a9d8f34d939520a20b90

      SHA256

      330e8cef6edc075441598074a31feb8edbec78794f842de7d4ae0979f299b692

      SHA512

      949c416930f58a270dad54ae815b6cef749869f99e75d46c2b89dee10ce7b903a3acd810b88b9b1f373d010b1bfb6df3bb7b8a5d7c205703eaada5f3be1a2a23

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      70a6dbd8ee48e039c93238e06d5cdefe

      SHA1

      a66610f1ded76c6da0dcac2af8784011cb9e9c79

      SHA256

      cc210697f83ab72560c4ad8c1f3e163931bc346392b27e671b830338a0baab54

      SHA512

      8ee9b40bea6327f03a35e303fbb518472edef11fd205ff407372e7f3180658dde5230571088b59df72cf157ec11d2703b57afe15a78e3a735eeba76893f4ef90

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      de2f21310f5badb29aa20945fc39838d

      SHA1

      3f0134c8d4523f2e74bc83ccd6f924cadd4a24de

      SHA256

      8dc59fba9e34d6b693630e42e7eaabcb7ba56299d7e135e8842be9551102d191

      SHA512

      524e722617127c7657d75c2348f1dc77c17b7a1474bedeff066db29b7acf4ae0813a094009d8141ac739c70cc2e58e5884b04fd8cd9212ab674c7c7469542763

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4f1b322978bf2bbfda942ffd2e340bef

      SHA1

      40a676dee51b66c86199a27bea7e8f8d7f14facc

      SHA256

      4ec54589962febe029ef2c6eb01571c92ba9d2d58928da0da69dc3a89a3f69c8

      SHA512

      1ce4340d36d8c12d9f0ff91354889b95435a0051355262f98497315eacee84447b3c42865c3775bcf8e125a1a9f70a3a8708aa7be32cdb37d23ba417f35b03cc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c6a7d712a771f89084679150a1a89d79

      SHA1

      86609c689be1ccf6ad2e1797bf8e380b53b72306

      SHA256

      c5306d5b88a9508f8d101c2d61824f4c5fa54e7d2d1d123741b2b96c0940d105

      SHA512

      e1962e8f5bbfdece0e807382b7b1a044ab9eecc42a2c11402552021b54c02936b53077dd0824e85a8227caf99b8ed146d8bd28f1ba487920d580380acc84a710

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      282e65985c63191a1c928e5cd06d5507

      SHA1

      2d538b2a98f45ad09dff64cff96d35551a8e56a6

      SHA256

      9cb97fdebceb330118a520d5ed3341be7ba49665df924f66a1d8029e3d249a1f

      SHA512

      76f5d5b17c6160343cac6d8f82b823f0642c27b57ad2734f1ff84a01adad0a7bd9b532b3a370c60e01763137ede8870f9bd23c7295337010376fc43cf6c54e78

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4c901501a60b3646936b7dbde0b35de4

      SHA1

      361d65aff96e956ea3bf344ce8b9494b0f779a01

      SHA256

      207560633fd4df304b9c52ec082ff9a2dee022e603befd83fad160c420942a4c

      SHA512

      342f267595b4f4609dfdfdea5196697262f78bcde91f182a28622af347e734ebc528b47f296aa24903e2aee83a12073865287ec7eb041bbd2f63f0fecf32394d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7eda507689997456534e715fdfab6a26

      SHA1

      59b30d8bc4504c3ba5e26d8de26b5bec03720232

      SHA256

      c6a1945d265b0fcba19b7761bbdf4a21969db72fc2b905e084c04d0b2e020163

      SHA512

      0a6578d6657f55067aa24704df74f89f1910f4211a070e4264b21097b1f4d201195f511c9e3e79b073fee791f927c36fe7aa332a26fe3161d26f0500d7cc03d7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      45d071a31587c2249e21a37c9bcf492e

      SHA1

      940125769756b8899ffcc7341f0c213c841a7c1f

      SHA256

      3a2191d9940d5db79f9e695530918e8b641d471231a1eea181be4126e43185e4

      SHA512

      7ef6e87a225613d6833f799c89caef6fd78301b5526cab6890c5a726c1b3a238aa8dc65d4e9ae88157c3034dfdb25d2a7f174a0179e1ec335192275e6fea4b47

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b5cd8c0aebd1778f8d5fc8ecbdb52986

      SHA1

      adfc202b403c8f9e44626b6edc56b376c7d893dc

      SHA256

      f2d2f9253089cedfef89502b126f8f3869dc63aa594154ba66e7bba56011bb45

      SHA512

      51107acdbd831aba7cfe3afb080fb32fa537ef4d38522b8573fcba64743e980c07d0a2257f968e45254f872389128a34388510165d1a797bc33a60d1ebbe4648

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      efce3ac9b3e836892f93418591ad3b82

      SHA1

      dfed4ba34803f25114bcf0274dd35b636400b213

      SHA256

      0ca89764569006310bb93577ac508f8350a7d4c26ca2e49d5be6f325b2736739

      SHA512

      5870d1ed1cb2dc87e39cf576e8ae8f791073335dd5d30ff9c30e8bd64291cd1d8fece48cf2db237c17dd12ad1f324ef95fb897cf4cf5e5f45799c05fff74edcc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      986f6d0792d816ad0aecf76f3895e038

      SHA1

      1816e096da08cdb7a9ecd30ef3197340ce03f59c

      SHA256

      ce8faf7308ac6058277754f0d79135c2d67e9839014bd827c2c2e3a53c31815a

      SHA512

      eb21fd01c0d6b67757ec24f7aec7a35dc9f184b92922c015907e60e7ab1026bb16180c16f99985c730df472379ba7b80ad61330cf23cdf0a784807b4e5a668c2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e5f98c0659a4f73e1fdf91ef572f215d

      SHA1

      3aeef4d294819b584af6b71b0727a73f3f9a45d1

      SHA256

      776386375c77a7e5034cdbfd97098e317c9f1bdc3e1a545251b865bec8eaaeee

      SHA512

      ad02dc309868516fade6bcd8dc46096664151fa57a9e617116d1b156d019655e710b1842545257a03789390451b9183e5bf1b981aa09fa8daf4be0a190527933

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8319a8dc27df07103858f19995a98468

      SHA1

      c9f604a631f0613686dfaf95c3c84433b66fd1db

      SHA256

      e455147e4d3011894a11c9565f05605dc27198ee1bd898cad8cdcf462390ff03

      SHA512

      a16669ccb229e9b345789c7ca304d27e06e180bb26510c2f26e7f44e90720feaa53442c4a51c40e05a28ebdae67737fe3731c649e3ef6a29007e63b7729a37b0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b7276f0e77d90d24581d7de086958b22

      SHA1

      babd32b47629abcc577edb3fd3af6ec4d14ec24b

      SHA256

      aa5aaa68dfc606e0e7f8944ca76fb89be84ae7ed80add386a8ad2e007e43eecd

      SHA512

      5de7aee6608bcf45e1f55cc4a69379e7f452b9a4311287cb9226a54b277cf84bc65bb588f714a910fca62ce5db938e117048d52e4f56093c5d41d9cf077957ef

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      20db20992a10047e23e3c563adcc4c3d

      SHA1

      5589f2d98ab15bd6a6a4dc552a088cce7cd37d5b

      SHA256

      4fa607fe51d3e159f541ae9d52ad52a4a8e44548e8b07e121fbc8265cf0163a3

      SHA512

      753b8c873d0ef058ddc145f9e738ddebbef1b8f9c5fe47dce1ac841183b458806896a67d4a20b70c4fcc29fcba87f68a84369215c50d12b81f54a8af27d76f4f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e2a8c0d0c1c141d0faf9e459cdfd2a27

      SHA1

      1f404a6649bd0ad1f3e1234535083b81f5f31338

      SHA256

      959844921e4983cca58862b1d106f90b53a5d6ece26f8d21654ca5641545dd87

      SHA512

      938bc54d1b91c16eae18a3d2951d758ed7bb4171aa33534699d95d2fc4c98618dc2bc8b429f44b45c0d4e6c0155b3d9931bbb94161cd17bbc1518a0a408eea8b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      680954641655f4c8a21820f7a67dffdd

      SHA1

      557bdcc2f661a75c075ef84bd3c36e9b07e2165c

      SHA256

      e27fb515e3265e74db46a5607c732836e43c085d11d1d631e965bdf213b64c47

      SHA512

      f6dc799c48e7226f39780b8c921067e22fa5964ae9fba67cc3796f39e29573728be81a42861f15b20f456e14f9b17bf9f40db3574a81c678c695e23d46e59a2b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      494c34e69ef8bf958284ace565d3550f

      SHA1

      b72a2b669b91d24b41564628dca76f93a55ee94f

      SHA256

      2c3ebb653065287d020d2aa29ce9989fec9468eb9f6ddc9137dcefb633306695

      SHA512

      6d4f7f3f1e32f250e5a07f1176486d342d88f7885a2f45e11f7d8b09405836d0b4e581fdf4bbb066e9cd4c5d2db11ac9ddfce61152ddf9a691c0b043a9c70ebd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      90cd19eaec6b32e9496f99f4f5957be2

      SHA1

      078fcb8869b464be4424f6e6b11ffd7bad1745d6

      SHA256

      c6a6035976347a4524b0c8cd0ed9214a7aadf071ceafbbc460a4a7526f99e942

      SHA512

      f595d49593de99ba3a8979ac0ab6fdd7645bf8382e3f6d1d22d0f925e46f3800824777bc0649d81cac91301ffcdec2a7bf39609680a2dea8bced333663531082

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e851fcb09038050b8a089fc0662fb45d

      SHA1

      4f7937917142e4acef9dfc90a48f4ea38ecb36ba

      SHA256

      297c2c491e87e639c42db3d3d2512dfa2ac2aa6f41c62de240a3cc7fcf3c8bf5

      SHA512

      8d7e7f12df0f1838d99b88aa1953722b23c909ebf7c293684d5c5004d8c13598b37fa5e1742f08c16ebe4a006065988554323c702a191012de8ae7d32eae666d

    • C:\Users\Admin\AppData\Local\Temp\CabABDB.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\TarAD09.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      83KB

      MD5

      c5c99988728c550282ae76270b649ea1

      SHA1

      113e8ff0910f393a41d5e63d43ec3653984c63d6

      SHA256

      d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

      SHA512

      66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

    • memory/1776-18-0x00000000002D0000-0x00000000002D1000-memory.dmp

      Filesize

      4KB

    • memory/1776-17-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/1776-19-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/2492-6-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/2492-10-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/2492-8-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB