Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 08:50

General

  • Target

    912e3d70b5b25aec05d807df9b3838d8_JaffaCakes118.html

  • Size

    154KB

  • MD5

    912e3d70b5b25aec05d807df9b3838d8

  • SHA1

    a8a793c0fdd15e5ccc67e2f36eccbc3a5fb2841d

  • SHA256

    77d36040edb050513844fed61875c668e7ff6890c8f84e39e46ce3fe08d8aff8

  • SHA512

    141ddb72840291586ad0162b874cfa463130f378615cc15d24b5b435fa3798423a23423c01b1eb2aea08593edd96b76523d98ae7cd371ab488badca90b821821

  • SSDEEP

    1536:iVRTpvMSQHZnaOyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:iDPQ5naOyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912e3d70b5b25aec05d807df9b3838d8_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2460
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2080
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1640
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275469 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1708

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5a5bce28de8e4a2debac3169bcb15159

      SHA1

      d953f06dbb4ab1fa279fdac84cb508b7b640a550

      SHA256

      0d425c67b040135093b4d978da0f6898cef3732eacc7564904998a1a04fc6005

      SHA512

      c195c7df4abf267d2b2a45935d406c40a84c46fe7f65a5077dea48ac3637fdf2951d2498676ca65ffb697b9379f3f296015ca3b8a483a2fb34af80d627ae6af9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      44614de9fb92becb4cceff0ebd2f63d6

      SHA1

      9cec4d1b08e00021699b772d698b76334897cd29

      SHA256

      16614ce83361c1f3fd19aa3a0e3d8f63d87b51ca6c6cd2ad95356c084de8a214

      SHA512

      e46959cb3b198e386a3e02b39334336b9f47a734842f19f41ef83f83c9a7444753fa6c67e0eb45cf6cef3827e5a9ae29cc6f0886ba1282d99569878abe8176b6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6d8228037af2996160a372f45b4ae279

      SHA1

      b1570580fdd07b357d44a1a8dca31f9a8738a752

      SHA256

      ae250960b607a41350fa43f4ef378702f103865fa8ee6777f73bc24a5d1f8548

      SHA512

      79a1f12361493683a4d2601824568aea3a787d74a39e1428f9d85194bb09f5941bc364dfbf22f21a71f2cfea1fe8d3675ba3eb995a9198dd9a4b7792296cd6fb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9e8d06df9d43377f5a3c9236913ebbfb

      SHA1

      c8aa6cb9b3b2a2a9d14afee91d81df900d287c27

      SHA256

      b070f94d0610f587a641b5f4ff14d04f8b928f7d55c1fe2622aa432d2f154f9e

      SHA512

      1f033dd0f98314bb1a90544f2b2b66506434270dc9339692774111aaa22a8000ba4213b0ed07709de4b5167856386fe052dd0011a5fdd732fcb0dcaf624803af

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      eb6269184a6bf4b848efc1df2213f98a

      SHA1

      dcd9ad1f325379b4a5c67af98c070171a724a4d0

      SHA256

      58e67c7a548dc4aad269bda93f077836c879894bd74384ac1e66bba428a58c45

      SHA512

      359383cea232281a0f8804a35a9cfdb11a6194b8ffbae23cdc02812a30b4e1d887c9730efa64a5f88e0fbbe516176bfd028b3cf391941398b4fbf9240a972a36

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5332d2dd68f82f7ef3983525f0ea761c

      SHA1

      87587470da7d555e6e0c2ff10f73b2f3c106478a

      SHA256

      297ed33363be37de63b8e8296a0a05228a472d6515a3dfa0e018533224efe779

      SHA512

      2ae60db0a875c3c40ebbaef4a71674159d053876d367b4ae3292752d7b95e96d2dd49e3472a88aca125ae1a564967e44a9f0f8899c00b972ac8de8fbb504bbcc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9bd810cfbe0f33001af76ba788a8d9ed

      SHA1

      c105ca323cf9bbc56bed385c539018883865ba09

      SHA256

      5d431c17b5b5f2279721e5b415597a9cbf6994a7c2acdda2d18a381eeaaa318f

      SHA512

      612d4f96b0e2e093c368782e4cefb3d28afb83e808568161d9b35f60f0abc14b3684c6b2693e30db3807e93e08cc0ae093728455825a01bb5a07db8d7acb83c7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6c013756a0dacc8feac2ea8e34925437

      SHA1

      d11b8aa793c4efc84916e2269dcf206add0e781a

      SHA256

      d0f9851f434aa851557069e1b68f9ec20a26c2f09ac2c7df1d73b83905454995

      SHA512

      5a201d70744b1ac5586ee57343e15e07f45003732547cc68da761c6e0f81ec6dbaba57863dbd74c0e440ab47347b9eee3e64947ba31d364d85170886ffc0ecac

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      68e046a785a7cf72a75c072f1346ebb0

      SHA1

      456468f605ea17cf5e1039f9011ba5f433a6eeae

      SHA256

      c7514101274b030e07a379eaf2e3466f33b00a2dc4fec707d31ad1d76b772b89

      SHA512

      82025bb3768b00281538bfbfd34dc6e0e3da3d097e3fb199dcbe37d8774e61b34f0281e208d2fdd9a05b0309ce671f1ab0f5ff20fa06145d4edbbed735f697c9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2ea8efd4315746773fbceb343e23a5c4

      SHA1

      32ac591d1d99aacc44e0aa20bb7e554e282998be

      SHA256

      7e6500beb1083da066c8c335b3bc7346d870ac8077d32010fa834db233aeb3b8

      SHA512

      b05585d03174e85c1560c716c8fbc929fbe0fc8dbdec7ef8b1b7fe9f24c11899f4396218f2e40a6d0008c61fdfc9f925b58d98e707123c666f0191193efe15f5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      db697a88d7f352ef10a435f65f9c02af

      SHA1

      24bb4579bf8e7907ff85239c9abafeaa0fd4368b

      SHA256

      10fdd9c63610abf6546043e9f003423ae6d3bfad345b7932184031c0b4425153

      SHA512

      9bc4e9820ea692c23e86c623c6f0dab0214c7f130b35de9c0c707bc9ba6d634f89dfca90259be35338b93a7f5030abf7132ac369d92821f7867f40fe147cb5ca

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cd34807dbbb5bc96adb31dc538dee7de

      SHA1

      ac612bd09d42c809571264bed707d1a17476e96d

      SHA256

      3dae4840c5a5f6643714ef292e602dc2856e01f61f1c8dfd4ff3f06a4b8875d0

      SHA512

      1890675dc7e1b8cb44b8efb199e36ff17891521a8fff50978096289573d4b6e7c3bfefc03be7b660fc70a3371841f224ee7f6f91354b854bf5d8f20b3f7623de

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bc9aa5fb8b5f8fa6ce7547cf8796a33e

      SHA1

      d342e8479a8091242d34e9db3dfe3ccf12c8f9e0

      SHA256

      5e813b12c685bd764b3341565e02ef0a572b2c529af673bda6b9a26192c67c68

      SHA512

      a80cadb33a46e649b945870346b994512e9c8c0ea8da45c834cb85554358cd8858a8a1ecd43375cae9d3ca2c6a02c5bc7649a29e49d639fa33da4fe9073e5bb8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0d358f409f6b2592e26c0d499283c79e

      SHA1

      808ef8ea877fc94dc03d5c28b3714efdb0552dca

      SHA256

      bd3521507a1e894b6ed27104f78f911af69ba4308e6e2982f727368f511fe18c

      SHA512

      eef45b5148863d412b00b95273323e342f3a7ab04bb33dcaaf8bee73701f30c9ada91ffd3b3a76871124267f1be1977496375aadc033f1484d7fa6bc1e11590f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      013f44206fcf44bcf7f551c47e9bda14

      SHA1

      4a73954bb7564fd076843a26bf3acc8a76a55f34

      SHA256

      aea66d456918be9f7ea1fa9b88171f060c83f576192b6a95a688ece0b204fbad

      SHA512

      5301b5d7a313c0975fa7df3b6676584c2741169594962446d47d425ad675a1587d431229096913721dc3bdebf228e7201cd92a1b4b8f4cda2ea1949eebd91180

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      195e063a0e5766e1c3730773dbad3b9e

      SHA1

      de1034fe1a383f1e414c2fd7262eca66108b8f0d

      SHA256

      7b6bb9a1969f102f352eaf69fa1b28dfbfc071986067cff5e5230e4caf784674

      SHA512

      7274e1f2bf9e4026d90cdd22f75289cbb45aca00528e8abadd4851a52d0003136c0011c393811e8a1d35cb2d87e9ab02d32af2fd15e03f562ee45c7c83263517

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3c38fd859184b22d156c444d416104fd

      SHA1

      edb339639b4f70d20c609a41a75493550b643132

      SHA256

      8a6be5c74ffdf122d27e7fc8285ece5de289cca48b8339931b808849e884038d

      SHA512

      05a38331038e2b6aacfab4cb62083a5e1931afc8ee08b1779d405ebd008c9e0f512d847dfef6f20f66ccd6788557469caf993123f5042ef882c1c3c608993175

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9060155adefa3f84907e4102c3903ed9

      SHA1

      d3881115084e652ed2e59c478e31a60601c8671d

      SHA256

      0edbab55f655dec9c0e75dcb2908c9ef9b8522af389821a43ef112729fc691b4

      SHA512

      b4a6fba14f79c21ca42377b6b4f74f35ba57454158170a5db5395cc599a1969dcd53733698c0d0e1d71d0ce7d1681a8aaf360abeb67fb759d38fec6d17d2710e

    • C:\Users\Admin\AppData\Local\Temp\Cab16DB.tmp

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\Tar179F.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1640-493-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1640-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1640-492-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1640-490-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2080-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2080-486-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

    • memory/2080-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB