Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-06-2024 00:17

General

  • Target

    9319b75cb2e2b75b35b892726d6e79dc_JaffaCakes118.html

  • Size

    162KB

  • MD5

    9319b75cb2e2b75b35b892726d6e79dc

  • SHA1

    4bde6a78778cea0bf328fb22f86e3600e68591b4

  • SHA256

    ab5a8c13e629e6891d5057e34863a315b80a23099cc83b10a0688f79d221c7a1

  • SHA512

    82aa64cf25cfa275a10de9e6ea9aa536d8d61c056f5b77013b8085b9b3eb5d80e9d03e52dbf2dfe40ba2a25eaff5bbadd78fdcea523d7578f9a09d162bceaefb

  • SSDEEP

    1536:ifRT5tQYKgXimtMhyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:ix9VihhyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9319b75cb2e2b75b35b892726d6e79dc_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1992
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2852
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2192
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:824
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275474 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1652

    Downloads
