Analysis

  • max time kernel
    127s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 20:53

General

  • Target

    9be82acaf487c4680bc03cccf0b944e1_JaffaCakes118.html

  • Size

    158KB

  • MD5

    9be82acaf487c4680bc03cccf0b944e1

  • SHA1

    8adfc7032cc4d1904c70845b3529bad4364ad7ce

  • SHA256

    28b19c2adab351eb0c79dc5b8228b92f56be1540f0c5055b620d40736e20a728

  • SHA512

    5aa3b3ca7ed1469747efe716799ee052fbeba36d0c4ea90ed712dbb30314c8a4db85878ff07e14d8cd0da469eb0f82f63bfdce86ee9e1c861f811cddbd5c359c

  • SSDEEP

    1536:ivRT3p8dKKaB5FyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:iBHKm5FyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9be82acaf487c4680bc03cccf0b944e1_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1980
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2000
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:3044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:472080 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2236

Network

MITRE ATT&CK Enterprise v15

Downloads

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1980-481-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1980-482-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2000-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2000-492-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2000-491-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2000-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB