Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 10:14

General

  • Target

    916996da2a24e74bbd5b57a7c20f0b16_JaffaCakes118.html

  • Size

    129KB

  • MD5

    916996da2a24e74bbd5b57a7c20f0b16

  • SHA1

    3a96c4423048365f8fbcd065d2e656152dfec60f

  • SHA256

    8e73ac0a6f3354d5476c7d28f5ba389d52e65b637cedc27ff22c0cfe825c9b64

  • SHA512

    c3e03c5a7aad316ae3ecd386de19e2e7d556d00e35a23f3a07649e307351b909ab29d86b48fc1df7b8d7e951e89dc0f58ce0fe0f97612c9dc6f3c234fecc3910

  • SSDEEP

    1536:SXvbjcMctqyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTo:SUMcgyfkMY+BES09JXAnyrZalI+YU

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\916996da2a24e74bbd5b57a7c20f0b16_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2896
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:588
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:608
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:472073 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2676

Network

MITRE ATT&CK Enterprise v15

Downloads
