Analysis

  • max time kernel
    119s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 22:17

General

  • Target
    9c1f603a48bcdf8242805f9e41d62b8b_JaffaCakes118.html
  • Size
    116KB
  • MD5
    9c1f603a48bcdf8242805f9e41d62b8b
  • SHA1
    dfb64d42fdc51ab82c187d40c0775ad98601a68c
  • SHA256
    43e98b8978429bb8dec82304be168e86b7088538af10c3bbb6457708881417eb
  • SHA512
    8644847daaa31f92992b8810e5972077c1b6bfb31f394024920e3480bac8ebfb4606f48d764cd916b2406489e67f23b9b358249ed5d9ab6a59bb59bc8eef77e5
  • SSDEEP
    1536:SMTcrLyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:SMILyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (6 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9c1f603a48bcdf8242805f9e41d62b8b_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2576
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2508
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2408
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:5977090 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2472

    Downloads