Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 21:30

General

  • Target

    9bfe35327fd4bcea56811c342e623cc0_JaffaCakes118.html

  • Size

    348KB

  • MD5

    9bfe35327fd4bcea56811c342e623cc0

  • SHA1

    32b0454af89504a97b59a1adbfe94360349855fa

  • SHA256

    778f4353c46facd9efe98b08535bff60b9065e17c617ae724db33e60fa5caf28

  • SHA512

    dcaba13c15a9ac3f5efff81a35d08c129fc5612fcf614c95f647038aa9f05ccb0f8b9c28d1f0810219eb79f07a1c5f8dd28d99a1de060ab2965085e68a75de14

  • SSDEEP

    6144:5sMYod+X3oI+YkIsMYod+X3oI+Y5sMYod+X3oI+YQ:F5d+X3KW5d+X3f5d+X3+

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9bfe35327fd4bcea56811c342e623cc0_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1448
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2552
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2596
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2512
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2532
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2392
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2460
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2840
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:209929 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:668678 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2888
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:799753 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2820

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2460-32-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

  • memory/2460-31-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2532-28-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2532-23-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2532-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2532-26-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2532-25-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

  • memory/2552-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2552-8-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

  • memory/2596-17-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/2596-18-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2596-19-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2596-15-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB