Analysis

  • max time kernel
    127s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 20:38

General

  • Target

    9bdd8f4c23628fd6b05275c69668626d_JaffaCakes118.html

  • Size

    157KB

  • MD5

    9bdd8f4c23628fd6b05275c69668626d

  • SHA1

    5647551b111b0f975ecfa850adc6c329bdc470b0

  • SHA256

    ae913cf7dd5fcb06be93543b36139df48ff68eb9e048886c4461744497cdcf20

  • SHA512

    fb86bdbd777971cf3ed3b60c1f8fa980fd50d9375b1d035526ccbd29c3f92871a6897464f3957e1f64d2195a524a4602784e59c68768288eb69799fe4ba110b2

  • SSDEEP

    1536:iVoBtC2qRT1ulGzA5BJvEJe/a/KLmEBN4CKNMJtddSaoAaA8xeZrSnNMEVTuyLia:ixreZmSRyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9bdd8f4c23628fd6b05275c69668626d_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2976
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1360
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2180
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275471 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1520

    Downloads

    • memory/1360-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1360-491-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

    • memory/2976-480-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2976-483-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2976-482-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB