Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 09:31

General

  • Target

    9149fa258b9ae7b3b15ef26f35fc6be3_JaffaCakes118.html

  • Size

    158KB

  • MD5

    9149fa258b9ae7b3b15ef26f35fc6be3

  • SHA1

    abf904db965936c7432261b9d4bbfcbc19e1ba9b

  • SHA256

    2bfabe94fc2ddb167dfbabbbc35a6e534712e52188bc70cabe2f43dcfb967f67

  • SHA512

    63898dc031d37bb25ccab3e3d3ac858924aa545e514aac0bb92d62268fec8fa7769f7e642a60ace74975a6d1c7046e2ce2dae4c1fba509d57b678efee2716f9f

  • SSDEEP

    3072:iA6LFBzDHyfkMY+BES09JXAnyrZalI+YQ:iRSsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a long-lived, versatile family that combines a file infector (it infects EXE, DLL and HTML files; an infected HTML page carries a VBScript dropper), worm-style spread via removable drives, and a banking Trojan component that injects into browsers. The chain in this run matches the HTML infection pattern: the page opened by iexplore.exe drops svchost.exe into %TEMP% (PID 472), which installs DesktopLayer.exe under Program Files (x86)\Microsoft (PID 1756); DesktopLayer.exe then shows WriteProcessMemory activity and launches an argument-less iexplore.exe (PID 2940), the usual injection host.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer (typically with renamed sections). Packing is not malicious on its own, but note the size mismatch here: the dropped svchost.exe is 55KB on disk while its mapped image at 0x400000 (memory/472, 0x400000-0x42E000) is 184KB, consistent with an unpacking stub expanding the payload in memory.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
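The two signatures above (Ramnit's HTML dropper and the UPX packing of what it drops) can be checked offline on the page itself before it is ever opened in a browser. The following is an added example, not the sandbox's signature code and not anything from the sample: it carves a hex-encoded PE out of a VBScript block and inspects the carved file's section table for UPX indicators. The report does not include the HTML source, so the sample page here is constructed; it follows the VBScript layout commonly documented for Ramnit's HTML infector (a `WriteData` hex string written to `GetSpecialFolder(2)`, i.e. %TEMP%, as `svchost.exe`), which matches the dropped path in the report. The embedded PE is a non-executable fixture built by `build_minimal_pe`, and the regex, function names and the 64-byte minimum are this example's own choices.

```python
import re
import struct

# --- Test fixture (constructed; not the sample from the report) -------------
def build_minimal_pe(section_names):
    """Build a minimal PE32 image whose only purpose is to carry the given
    section names. It is not executable; it exists so the carver and the
    packer check below can run offline."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew
    size_opt = 0xE0                                       # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0xE0000020)
        for i, n in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections

PAYLOAD = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])

# Constructed stand-in for the infected page (the report has no page source).
# Layout follows the VBScript dropper commonly documented for Ramnit: a
# hex-encoded PE in WriteData, written to GetSpecialFolder(2) (%TEMP%) as
# svchost.exe and then run.
SAMPLE_HTML = (
    "<html><body>original page content</body></html>\n"
    "<SCRIPT Language=VBScript><!--\n"
    'DropFileName = "svchost.exe"\n'
    'WriteData = "' + PAYLOAD.hex().upper() + '"\n'
    'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
    'FileName = FSO.GetSpecialFolder(2) & "\\" & DropFileName\n'
    "//--></SCRIPT>\n"
)

# --- Carver and packer check ------------------------------------------------
# Quoted hex string beginning with the MZ magic and at least 64 bytes long.
HEX_PE_RE = re.compile(r'"(4[dD]5[aA](?:[0-9A-Fa-f]{2}){64,})"')

def is_pe(data):
    """True if data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def carve_hex_pe(html_text):
    """Return the first quoted hex string that decodes to a PE, else None."""
    for m in HEX_PE_RE.finditer(html_text):
        blob = bytes.fromhex(m.group(1))
        if is_pe(blob):
            return blob
    return None

def section_names(pe):
    """Names from the section table (assumes is_pe(pe) is True)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]       # NumberOfSections
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    first = e_lfanew + 4 + 20 + size_opt
    return [pe[first + 40 * i:first + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(nsec)]

def upx_indicators(pe):
    """Stock UPX names its sections UPX0/UPX1 and leaves a 'UPX!' marker in
    the header area; a modified UPX usually renames the sections but often
    keeps the marker, so check both (a heuristic, not proof of packing)."""
    names = section_names(pe)
    return {
        "upx_section_names": any(n.startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in pe[:0x400],
    }

def triage_html(html_text):
    """Carve an embedded PE from the page and summarise what was found."""
    pe = carve_hex_pe(html_text)
    if pe is None:
        return {"embedded_pe": False}
    ind = upx_indicators(pe)
    return {"embedded_pe": True, "size": len(pe),
            "sections": section_names(pe),
            "packed": ind["upx_section_names"] or ind["upx_marker"]}

if __name__ == "__main__":
    print(triage_html(SAMPLE_HTML))
```

Run against a real infected page, `triage_html` returns the carved size and section names, and the carved bytes from `carve_hex_pe` can be hashed and compared with the MD5/SHA256 listed for `Temp\svchost.exe` below to confirm the dropped file came from the page rather than from a second-stage download.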

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9149fa258b9ae7b3b15ef26f35fc6be3_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:472
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1756
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275474 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2124
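The process tree above is the part of this report a detection engineer should turn into rules: an svchost.exe outside System32 with a browser parent, an executable planted directly under Program Files (x86)\Microsoft, and a browser relaunched with no URL by that executable. The following is an added example (not the sandbox's logic) that replays the tree as process-creation events and evaluates those rules over them. The PIDs, image paths and command lines of the six IE/dropper processes are taken from the report; the explorer.exe, services.exe and System32 svchost.exe entries (PIDs 1000, 500 and 800) are constructed benign controls, and the rule names and thresholds are this example's own.

```python
import ntpath
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
HTML = r"C:\Users\Admin\AppData\Local\Temp\9149fa258b9ae7b3b15ef26f35fc6be3_JaffaCakes118.html"
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
INSTALLED = r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

# Process-creation events rebuilt from the report's tree. PIDs 500, 800 and
# 1000 are constructed benign controls not present in the report.
EVENTS = [
    ProcEvent(500, 0, r"C:\Windows\System32\services.exe", "services.exe"),
    ProcEvent(800, 500, r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent(1000, 0, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2220, 1000, IE, f'"{IE}" {HTML}'),
    ProcEvent(2184, 2220, IE32, f'"{IE32}" SCODEF:2220 CREDAT:275457 /prefetch:2'),
    ProcEvent(472, 2184, DROPPER, f'"{DROPPER}"'),
    ProcEvent(1756, 472, INSTALLED, f'"{INSTALLED}"'),
    ProcEvent(2940, 1756, IE, f'"{IE}"'),
    ProcEvent(2124, 2220, IE32, f'"{IE32}" SCODEF:2220 CREDAT:275474 /prefetch:2'),
]

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BROWSERS = {"iexplore.exe"}
SHELLS = {"explorer.exe"}

def _base(path):
    return ntpath.basename(path).lower()

def _dir(path):
    return ntpath.dirname(path).lower()

def _has_args(cmdline):
    """True if anything follows the (possibly quoted) program path."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        rest = s[end + 1:] if end != -1 else ""
    else:
        rest = s.partition(" ")[2]
    return bool(rest.strip())

def find_anomalies(events):
    """Return (pid, rule) pairs for every event that matches a rule."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        pbase = _base(parent.image) if parent else ""
        base, d = _base(e.image), _dir(e.image)
        # The real svchost.exe lives in System32/SysWOW64 and is started by services.exe.
        if base == "svchost.exe" and (d not in SYSTEM_DIRS or pbase != "services.exe"):
            hits.append((e.pid, "svchost_masquerade"))
        # A browser running an executable out of %TEMP% is a drop-and-execute.
        if pbase in BROWSERS and "\\appdata\\local\\temp\\" in e.image.lower():
            hits.append((e.pid, "browser_spawned_exe_from_temp"))
        # Real Microsoft products install into product subfolders, not directly
        # under "Program Files (x86)\Microsoft\" (heuristic).
        if d == r"c:\program files (x86)\microsoft":
            hits.append((e.pid, "exe_directly_under_program_files_microsoft"))
        # A browser started with no URL by something that is neither the shell
        # nor the browser itself is a common injection host; WriteProcessMemory
        # from the parent is the confirming signal in the report.
        if base in BROWSERS and pbase not in BROWSERS | SHELLS and not _has_args(e.cmdline):
            hits.append((e.pid, "browser_launched_without_url_by_non_browser"))
    return hits

def rules_by_pid(events):
    """Group rule hits by PID, rules in evaluation order."""
    out = {}
    for pid, rule in find_anomalies(events):
        out.setdefault(pid, []).append(rule)
    return out

def flagged_pids(events):
    return sorted(rules_by_pid(events))

if __name__ == "__main__":
    for pid, rules in rules_by_pid(EVENTS).items():
        print(pid, ", ".join(rules))
```

Against these events only the three malicious processes (472, 1756, 2940) fire; the legitimate System32 svchost.exe and the two IE content processes do not, which is the false-positive check to keep when porting the rules to Sysmon Event ID 1 or Security 4688 data.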

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    Reading this list: the 19 CryptnetUrlCache\MetaData entries below are CryptoAPI cache records written during the certificate chain and revocation checks Internet Explorer performs as a matter of course, and the Cab*.tmp / Tar*.tmp files are typically the temporaries of the same CryptoAPI download and extraction; they are side effects of browsing, not payloads. The artifact to pivot on is C:\Users\Admin\AppData\Local\Temp\svchost.exe (55KB), which the process tree shows being executed (PID 472) and in turn installing DesktopLayer.exe; DesktopLayer.exe itself is not hashed in this list.

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8d657c214cbe5c7233d41358aa8cbec6

      SHA1

      9f547dd54a045cfbd54258b3ff1c65b1e4092017

      SHA256

      5f9b1a7d2dfd3197afaa1c995873d449af5e308dbeb7bfa84232258bdb43cd58

      SHA512

      f9898bba70dfee070cd5c43a666fe8753a00d8658e19e047248ee348cfd4d7f3bb96f69f95a4632511de874ce5f1f42f9a5346760ea914bafdb47c7dcbfbce1f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      16c544c1aebd4744fab3834aa16b179c

      SHA1

      0820c8a1568075bacb2e5861500098f0fb3cac0b

      SHA256

      dc50ad8c69e0270e3a5361a553186bb734cdddbd1eeb9fb384efd2b9b8e1fdb2

      SHA512

      a3d838a31bb7a8a1ff7d194f3ea9539155c0452b20953c72fe6672f6073ccae90c2a590b95e3188b24ca24c0149c37077fe915d2abd43b71bfa5b376c459c980

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      67c54c46935809c701c3501489eec702

      SHA1

      cd7a1f6f9779584b3c765aeaf6505142c499b0f5

      SHA256

      a5fb261d71fcca2ab8d76c703dcd3528d2feed6dd34af4f949d4ffdcc8a38524

      SHA512

      238a9b8c2864b4a6c55c825c13f7c2dff2d75b3c36b1a93e5a78484cd85c464cd306605ec6917355fda5f6240fb18a819dc2f0c8478e531e6edbd179e362403a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      febf9c60ba7ee32fd4ddc3ab407087c6

      SHA1

      327f34cc57a9c395f3ea462bc8944bb33e50517c

      SHA256

      f59f0a0268fb4a3f7d0d3debf4012ee8b58fa4f47a7cb49cb6e56f17037da329

      SHA512

      d1f2404f92fd1b39fde9bf2825cc3a84fc02b62e61b542b3da0009629f9422cfdf3701abe57951491ae7fada5accea30e1108a3461f9b5ca50f41fc8185793ab

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      db915ad1212ab6a53d71f1d39351ca6a

      SHA1

      5374fabe9733a683bc0edf4acb607aea0741c837

      SHA256

      adc7a811ce61d94a254938344569d447260c68db62e0f158c96c30489369ac42

      SHA512

      ada5a5a7a178f5c6538c2ce4e6f56c8058cfa174e0eb67dc35baf46fde859a1d1ff34aef3acad4549006ebf08928a8a2aa3ecb8a966ef46002ffc6ec800289ab

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e1af3fe7529365b993b704249bf4ccaa

      SHA1

      4becd943f505a15483e3597e438822cbf3b6e127

      SHA256

      dab6f853f2e603556f2520f8ff62ad9ea960436e1cc3e56d3a3941744f40f8fd

      SHA512

      c5e7ded6761388f8c994e3a3ac759752611338a1f32809a7350d53ca63edf39ab14e3b8c9347aee5d0e49e786b685f1265c879a19ddc38b849253536cd5d5ca3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      de762cdce5a1ad6b1f9005689f276791

      SHA1

      a3e18c29fb87cb9320843e86e5773ba598777923

      SHA256

      2db0a1352cc853b854fd66d53a8283559a8e6a70fdd2b17d681e39d037c191a7

      SHA512

      042610ab82e6412660d4da579a22f28f4636708c041fbfeaedce37481da536b1248f5b2f4269f58dc01bfa686dc6b734dd87ca15e23b68b020a7d1fb1f9f9e1f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3d183940e36a51e48323af7276b8b46c

      SHA1

      77254c5930941697df731bb7e9c04cdd16d14024

      SHA256

      8eca130629e2f5de4ab0d36ec3b5e4ca90c6d0b399348ce7b30a13e1664c73e5

      SHA512

      662e961945ee901934170c84734b22424054660923645c7ac32901c52b353dbc23b2cd2d2d40418976bcbc73757c161d5470f2f73de6cc455530d6152cb1006f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1559df781cc9f0826469f875ee372dcd

      SHA1

      4ce5a83591aeb1ce31bbd9af9ea93bae8c1bf603

      SHA256

      2961fd955f0bdc8df901df874e7e1a7795a01d09e1a5868631a5c65d258428f4

      SHA512

      2acf41205824ca5fd08dd6277863ba2d081d007536c61b3111d67fff1dfcb0bf9da428c92d0550c35a7fd817a67d73111b17087deaf4a3b302252f5ee3640798

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3da2cb0e190940c8a2d637a8ee7928e1

      SHA1

      2568be4454ffe9fb2a3125cde3ef05df7616ca47

      SHA256

      5b422a91b95da1e07d38890d7f97ff113ce04686ec07bf3ac2d3681767b1114c

      SHA512

      5a59685dbebe31c9fbc2b1d4c08df06e3b2105409196dc05f7f8c36188952806ffc75c8a5ee7a2f26e679da6f1695a2f487ef2a1cf5579cbd05a828b56af3716

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      48692804666d7e7f59307d2f506ed81a

      SHA1

      925afc8991a31d5c0889b9d6810c627666a86f6f

      SHA256

      f353f4bd8a80f27f38edd1b291e29a8f06627e3edc09b0af1d96d5a90d024aa5

      SHA512

      d40a9b17fa33653b7d7c931e0404217767ba15290b54e5c1fb34857bfd08bc1f6b6e5976c548d2572bd252321fc081f463b3460957cf34ce1cce45e1981c05a9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4e78ad7ac1f5b79af63b26fd95c28170

      SHA1

      1755f505120ffdd0b4fdf107256ff96f2bc862ca

      SHA256

      400f1c94702224e55905c35b4ca5d6ed25e73c2e989afac274044f6c1144e80d

      SHA512

      fc386fff2fbfa24db6a01ed585c13497eb333d0d4a41abffa2610215e48ceb475cd33fd7f6f7967708f0479cc894db20e37b80f9af84352d7c968569ead5c147

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c4117541e5d93ee065e6e90ae6c1593c

      SHA1

      b2e63006fca822df0def13390e8a132b40e9b987

      SHA256

      63cfa0db029533bcc5f2913eddbad52f3755f050f5da8fa58452b3868d7274d5

      SHA512

      b1f939eab71bca6a7a6d6ea1380182fe02ff34594c99a8a6f2f1bd0c122e920e79291e3dfec1419887403441272e8559eefe44a20b15caa0d44a061750a2e390

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f2caa7e6d624d37f404ebbe953897bec

      SHA1

      f4cc34c0fbb9469823c6ca562a08a8b35f8993be

      SHA256

      01c4daba3e5bb1f8e196c49a2dfac147bb49fd1d483e44cae3bb9a4f413049cf

      SHA512

      882c02ed468602fc0dec5b9228d0345cec6b1e056ff5e0be93f272645e2429fae8b529ca9c8ae216cd40925befe83905e4cc18d3974a0a027f4fbd24fd7ac344

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c9750fbc410a0ccb5874089c6bca8219

      SHA1

      4a79b66fcd26cbb0dacc4ff368efdfb6a75b7198

      SHA256

      a6ec3b2521edb4b208a3a7bb184a380813680288691a55553970ee154ab6ce9c

      SHA512

      a9bdc39b0999c140e7e1fbc7f5153c562699dfed9f52f4766404d8924e65314cb0050bbacf9173d178a27da722f3dccbce4ae30af4608812836cf4df447d7413

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d3750f42e9328573938c902357a50fb0

      SHA1

      36b4cda8d7c276d6c8f8aa13c8e7545fc62791a7

      SHA256

      e1424f95d215393db5e2d1de914eb23526f92616cfdc361deb95164d44308c5e

      SHA512

      3f88869e11cd836bae37785452dee8147461142272be6ddc5dfb9e0c70008bad0b3866599565023453a9a8714b41e3c5c50b83e2287b54f49bd77a5559dbac59

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1067b5149ed2ad29bed3bf915145d2ff

      SHA1

      22cd68ebf2c696a6090215eab0dc916ee81f67d9

      SHA256

      a45f60255f4025b03d4a1f989bfbedf9ab696c4d55df217f967d36d53ea9725b

      SHA512

      e81bbee1ddc59343ea34282533759d50fd784271f32d983ba8610851ec89fbcba1abd52b2a062c565517298a661d1d24596c47479e6769bd879dd4d2d2fc163d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8fa97ef8695b02e4c9c07affc577f0e3

      SHA1

      7cdd3896a8cfc8f55215b2ee17c81f92acc86db7

      SHA256

      1b07cb957a9d71991a1250870379870dcb7d1cbd44db565f5218711cb54fe7e9

      SHA512

      bdbf4457167df24439c92517dd55eedc8d27d012523b57a99c4080fd005bb08945f00e6a5880833dd77fb5be97182c618ab00cefd1b2462c683b46709d349f0c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e1eae6e79974c7b20ed809dbc8740608

      SHA1

      d78d668cd92c9d571495f32912d2a2950e217bea

      SHA256

      de6881fd91190d2d7edfcffb737e500139d71af68c2ac2b67d93aaf25c574594

      SHA512

      d0a56e0f1d4c4f94120390d53b400fe836c8dde7d94c027ae805f9b7aef81e4b79a61c120e73f7528f4b0262f27b68ebe2c97a511a02ca280a44aceaeca6575b

    • C:\Users\Admin\AppData\Local\Temp\Cab22BE.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Cab239B.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar23BF.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/472-480-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/472-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/472-484-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1756-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1756-491-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB