Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 23:17

General

  • Target

    9c44a99e251b9626cabc5c56de71f16c_JaffaCakes118.html

  • Size

    144KB

  • MD5

    9c44a99e251b9626cabc5c56de71f16c

  • SHA1

    06f4b1d7a262d41b2a5b3475d993a5cf2f002381

  • SHA256

    4d8c8b9ae76a2bd43aeb029b99c54e818a2560280f86718b1a5c37a8e096b2ba

  • SHA512

    ea72b5f2019c5a21791bd23b2ebcebb4187b648f43d979462b340f2bf1b9068c9c34df412eac44d4fafd518d249c56cc4af552735f2f7c9778d426d8dd208e29

  • SSDEEP

    1536:2snNx5O6R4YWLyL/WyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:i84YEyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9c44a99e251b9626cabc5c56de71f16c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2444
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2612
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2600
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2336
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:537607 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2404

Network

MITRE ATT&CK Enterprise v15

Downloads

    • memory/2600-19-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2600-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2600-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2612-7-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2612-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2612-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2612-14-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB