Analysis

  • max time kernel
    128s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-06-2024 00:07

General

  • Target
    931405ee82d206cbbc97722ba616bb6c_JaffaCakes118.html
  • Size
    125KB
  • MD5
    931405ee82d206cbbc97722ba616bb6c
  • SHA1
    766db4b9121be54a71c021eb4affb0e3023c5e48
  • SHA256
    64830627cdc0c53df1da2a1927bb0db4483ca29f1ec81b9a4bdc240b380257a1
  • SHA512
    9c336e2ac400dc8a67bbf1eecaa0be1eaf48fecf8fe3ce7354181cc2eac36a7f7bd75d0ccd40d100220238dc9bcc498b33b14e0d71701cd8c2dd6f2f7b66ffd1
  • SSDEEP
    1536:SL4U13qcncnX8ZLHo5U5LyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wd:SPLHpyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (6 IoCs)

    Detects executables packed with the open-source UPX packer or a modified UPX.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\931405ee82d206cbbc97722ba616bb6c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2332
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1240
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2088
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:209937 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2848


Downloads
