Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 21:17

General

  • Target

    9bf4c269ec87bb0509285b2faa56d40c_JaffaCakes118.html

  • Size

    184KB

  • MD5

    9bf4c269ec87bb0509285b2faa56d40c

  • SHA1

    b840e44f4464c9ad2d2239fd03237ccda92c1648

  • SHA256

    d9c24d57188360b4f7dffa6438fbe8e76ec76209a6819613cb6ec432daa314e6

  • SHA512

    621f4c8d495755648c843e7e1ecac522ac84f88b11fcd8e19154e8fcd58cc8870625b75644ef0515a1ffdd24b4903e0c97208e46ee27575f1ba4cbe3ed69ce08

  • SSDEEP

    3072:S3RgyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFis:S3RdsMYod+X3oI+Yn86/U9jFis

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants have been seen as file-infecting viruses, worms, and banking Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
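
The "UPX packed file" signature above is a static check on the PE section table: stock UPX renames a binary's sections to UPX0/UPX1 (plus UPX2 or a kept .rsrc) and leaves a "UPX!" marker in the packed header. The report does not say which three files triggered it, so the following is an added example of how such a check works, not code from the sandbox: a minimal PE section-table parser plus the heuristic, run over a PE image constructed in memory (the sample bytes are synthetic, not the dropped svchost.exe or DesktopLayer.exe).

```python
"""Added example: flag PE files whose section names look like stock UPX output.
The build_pe() helper fabricates a minimal, non-executable PE32 image so the
parser can be exercised offline; it is constructed test data, not a sample
from the report."""
import struct

SECTION_HEADER_SIZE = 40      # sizeof(IMAGE_SECTION_HEADER)
COFF_HEADER_SIZE = 20         # sizeof(IMAGE_FILE_HEADER)


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image, raising ValueError on a
    non-PE or truncated buffer. Only the e_lfanew pointer, the COFF header
    and the section table are read; the optional header is skipped by its
    declared size so PE32 and PE32+ are handled alike."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    if len(data) < coff + COFF_HEADER_SIZE:
        raise ValueError("truncated COFF header")
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind a 'UPX packed file' signature: UPX0 and UPX1 sections,
    or the 'UPX!' marker UPX writes into its packed header. A modified UPX
    that renames sections and strips the marker defeats this, so a miss
    means 'not obviously UPX', not 'unpacked'."""
    names = pe_section_names(data)
    if "UPX0" in names and "UPX1" in names:
        return True
    return b"UPX!" in data[:0x400]


def build_pe(section_names: list[bytes]) -> bytes:
    """Construct a minimal PE32 image with the given section names.
    Constructed test data: headers are zero-filled apart from the fields
    pe_section_names() reads, and there is no code in it."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytes(224)                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0,
                       len(opt), 0x0102)   # i386, n sections, EXE|32-bit
    sections = b"".join(n.ljust(8, b"\0") + bytes(SECTION_HEADER_SIZE - 8)
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_pe([b".text", b".rdata", b".data"])
    print(pe_section_names(packed), looks_upx_packed(packed))
    print(pe_section_names(plain), looks_upx_packed(plain))
```

To run it against a real dropped file, read the bytes from disk and pass them to looks_upx_packed(); the parser deliberately stops at the section table so it never maps or executes anything.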

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9bf4c269ec87bb0509285b2faa56d40c_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2440
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2540
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2404
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:209929 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2456

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ba9833e64eec7199a4455bc0f143972f

      SHA1

      bdc47f2c42a9ce1ef5809c343ec719c6107c03f2

      SHA256

      1da02d653178370a0177961936667dc62cdc506316d29b9c2ed74f94929ccd1d

      SHA512

      d76579f745334529fdc85a8d1069d1e8663eb56162ea6dfd62ac404a132786d69a3caa5ad86974c941b7c72828797eee7b6d8d930bc414e687eb69ab4b8e4685

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b464f22f331133fa1b4392e5b5f40ae9

      SHA1

      97325d54d8c6e06c6b4f779c0e3046b86fbe18c0

      SHA256

      a0149030856367f88cbcfa7f5e29b561dc98eb4215a43f29e036a861c7fd7ac4

      SHA512

      5959c27691aa24f81b6959bc603e39d2352076039e6b86d96ff3736be61781a09f46885bb5331f95282b65dc6161a00f71b35a5a133c9fe75bbf9e0dce69c9fe

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ad77652f0c1a1b9501573b85d894c010

      SHA1

      ea92bb266ca4843370a6d069e0da030499edad7e

      SHA256

      729de38c490660dd49e30cb408335a5cde87a47db734a4c0bb6c0c1645dc45f1

      SHA512

      0aed784e78d7cb02552c169a3553f0e9af548fe483bea27b7ca58699e263ca7ec66dcb56902dc343002cac81addaa4ad9eedaedb141e528470af26427a1e679e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      84396fc85e711497a9d8a26a48ef0a14

      SHA1

      9b4e48b29b48b5b0e4f8d1cb0e4a580b7e686362

      SHA256

      6e7018eabf8c6182c82a57575cc48cf146ce458f42d79e61c9bef6037f1767ac

      SHA512

      798744d78f4a3cbcd0bc1fa07bc68efe015e0c75a9f0a6c9ae16834061f600c5bca2d84063430fa4c51335c3e320ba47b951c651eed3effcb239b2b640ba68e2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      be5287d1ddad6c4eac227c0efdec338b

      SHA1

      667e60a7f6b0de4f2f7271c54f8dedee641cb82e

      SHA256

      e96e1d0b26f7a992123ed22c658f29f7088fcff604348207a5950166c3d47ce2

      SHA512

      1afa852af68bf9a156b6eb2126489aa29fa60f80cc375bd48525ba802281ad1fd99939b457473414cfba0966b482aaf80bdf54f6bceaa5261ec9388d266383d7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d8dc720d259e7944f471628acc9d1840

      SHA1

      65111000e8bf5bdddaae7317e4c5480a3f2badb6

      SHA256

      40865f96e4955b93f4f11b677e73de5846cd5527dbe40e3ae3d782f2c05daec3

      SHA512

      54e1861f10f0f2e806d2146d1eb6500cfc4fc276e576951652a3e6273d3939487439d595cebb7047b67089a039d6ae5b8572b185dafe4f6eb50ed54dc81dedc8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      39a62d5199f3c1207fccf47200f68711

      SHA1

      90003933522de6d123e5a8e0d9ef77c1102eca72

      SHA256

      2f330555b88028e414fd2a003c4aa9da8fb49120cd88d1e33c07121073ca699e

      SHA512

      b2d82b0d774960ea422154bc29d65a3f1393ba7ba9af52dd757bcb02fac6bf672351d02705f3d75cf2707fa41613d4eaf3b95fd356cc30f9dcc6e13896f3ed77

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      64f6dd6743288e7a4f82252fa097e234

      SHA1

      4c5401e07fcb989ebbde9132dc7b3946eae87885

      SHA256

      634d88193bf34babf9a5e1b24f3b7ab3611bc209c4f3278111bc22ac9164476a

      SHA512

      f7228de1cae0db90e25530020e7ebe8277e03b002202eabdfc5362c8b90af7c766fbc2e42230c8cda72e8cdac9bc3acbb8c68aa6de4393387609da53a348835c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6b19e1e14eabcd90df6e86381b6b8876

      SHA1

      e0deda2c7877992b1a81a15d4c5f9e9a1dc191de

      SHA256

      7b10037666075ff7a0f2a02723c586ae7a4b4a17b9d9e1fe5bfaec9fbf761758

      SHA512

      058803ea164a3d6d15dfe5c357ebe7ef501f93260f9ad09eaffd95a0f3f2448d6d8df001397d182ad6f4871798a6690923d274baa5143bd23962e9c54617ef9b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e4066928e0262a58751f7fd757c2c30f

      SHA1

      436903ca1b0002fd0ebb4c1f938c771f29c1e085

      SHA256

      434d75149a34404021d3e6086e22b3944395f44e721f0303ba2b30dca4d0acec

      SHA512

      d46be9b4c2b0e9695a0861e2e12dad05561b21f96cd201d696c2a8326e382c3b78092b3428067a18ab272c35f11efc0562af5444311a101b4f924729628ec955

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b936a0b61376739f400e4647bae37b24

      SHA1

      aa23c88eabee30a4b940947d97aba8b3cb9e24c1

      SHA256

      61e107a2539fa797d40d6e260202850f001a239d7f2b4030a05b8c31298ea5eb

      SHA512

      600e95c14c3a7682c960f46b583ea09b877cbfc4aca2c8a9c22c7fcc0898af1318ea051a18778fcc1be1235307c7a23b7f4ae64c8828be2e2bd858eb375a8d01

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f80bb2717942dfb1e6d3f3ea8eaab4f4

      SHA1

      5e41fadd93d6c027f42da4a9069b8ab73b66c307

      SHA256

      ef4eee2c6e0f049b0265ccb6733e0d9eb2f0bac967a963811c12eff4b0e80639

      SHA512

      438c450b8ca7449f6c295843ed5248d7e6c149d378af19f037facee56b30a9417cfc18a8ba563d354d3619f01c9df075f98f198ac17d2fab82802c521180f394

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6c31cce67c05fc528b7e12fe818cbfdb

      SHA1

      94ee04d3acdf5331fefc842992cca422d73cb4da

      SHA256

      775c1f6b1bf375a6b9963945f69fd912e981a78db3ee00fc49d5782194e1c9c0

      SHA512

      2a0a4e7e948f098791dbffe7d01e08d6ee206c9135c57168b575495638c16068569a9e1484368e2460ea838384a2553acf0863efdefd489373d9b9495a63e8f3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c12bded1fcf715dc4722ac02d47a045f

      SHA1

      7c202ad870aa3788cb3405598a6a4fd24e51fe52

      SHA256

      83557d6435b31c0f45f5e0ae32cd84ecc0583ff90a51b93f3e07bc1988cb3fc7

      SHA512

      ab2f5e2ee9f4e878fd949d418f51c3554f2d4963bda5a73cce1e9c6862b6c11f0bfc7a9e9bc8a8bffcd12fc1bbe993a0bcbfd384ecf4750444f0b7d2e840a284

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6dccdc9c69cfb60e7e4153d859708cd1

      SHA1

      58afb1c4ceeea717c3b9ec1b04e39f920bdb7ebb

      SHA256

      c543d0638ee5ceab5fa29bf5d59c38c4d43ae6bdbb9daab070a8ae8659ab0b5a

      SHA512

      0a6ce95a2ae91ff4b24130856f9a2dd80f22f1f95ce82cf5cec4bb684b2ab914f63e97c5112f975217adfa0e40da3e1feaf66b3bab411120ec2d60fba653792d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b8567671919621de2af8d49a2f4e9a20

      SHA1

      de6592eed44f15e8686030637ff6cb48b5494a60

      SHA256

      fee6c8461e728a55170fa45588c4414a78503d9a66f8f0d0db568ef744b925bc

      SHA512

      fbceb79b348c3357f36bd336fa9436c315bd708ceedd91f3a653cd4e71bb83dc32a0ff3f6cb620638014d7e98d1b7363ef104ba7643e596010cd8c5bf980b947

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bcd1716090f19d4b08dfc1744cf5f893

      SHA1

      6775e1d335d75e2e733c5ed97febd3fbf907d954

      SHA256

      dfc5300f703cea27dd4c5e902c0a76d2427996da1bdad000e1e7ea077a0167c3

      SHA512

      78614428dbdd26882b4dd79640aee0e68495c8298c905577afd32b2117b4257c6aa3d70ad29e8bde7446620b5862a665508dc9f72db942f889fe4212ba534f78

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8348a16bff8d66674a8ab1514ee05929

      SHA1

      a6f874f4535fe881fbdc30f04ac6e19544208ccb

      SHA256

      0bb6572028e1d2bf04290c5ba7a21ba98d58df0f60311067b8c5fa4b3258ccfe

      SHA512

      587c04467d35c9e4d1e7056b3ed67a40fa0a388ca4fb7788d3767e2ca33e491838e099d515d1e13f7a729ce9ad58e575b64777c9d816c74dbfdbcabbc161c1a3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      71ad690dbd56303b8978eb2fb5f3cf85

      SHA1

      9195b2259d01d876c04ee853c828235a4b9b951b

      SHA256

      61e78aa7aeeb35912f40485c0bfb30d0afdce00f511debd79d12edae2f6f3d8e

      SHA512

      31d632788cc7e87232ba2d4c781f9ef3b227c1935e680213f0989f74014966852027afb793e83ed80d2b80ec01aba50998e920e5e83194b8f7b86e90dab9875a

    • C:\Users\Admin\AppData\Local\Temp\Cab2406.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar24F8.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      83KB

      MD5

      c5c99988728c550282ae76270b649ea1

      SHA1

      113e8ff0910f393a41d5e63d43ec3653984c63d6

      SHA256

      d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3

      SHA512

      66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

    • memory/2440-8-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/2440-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2540-16-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

    • memory/2540-18-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB