Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 08:55

General

  • Target

    913297674357d6630d3839b98693e712_JaffaCakes118.html

  • Size

    117KB

  • MD5

    913297674357d6630d3839b98693e712

  • SHA1

    ab96744f8627e38a51bccbfa6f80d12c6286dde5

  • SHA256

    09322d74c25a36f1be7c36cce0e69ef96a08dd58a81d740643d4210a1bb64efa

  • SHA512

    44ea790bd989a3129c7b4946bc89b0c089fb2929de90a5d6567d770a817c3b83270c57abf2babe048c7931bdb38fc149c37c4d94a89f7956460efb6fe5f9c639

  • SSDEEP

    1536:SxSyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsn:SMyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\913297674357d6630d3839b98693e712_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2544
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2408
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2644
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2448
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:209933 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2420

Network

MITRE ATT&CK Enterprise v15

Downloads
