Analysis

  • max time kernel
    138s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 00:18

General

  • Target

    9c6af1d009d361c73877d55a3364c2c7_JaffaCakes118.html

  • Size

    154KB

  • MD5

    9c6af1d009d361c73877d55a3364c2c7

  • SHA1

    d70945db90c1eaab98cf4c9f4e9efc3b56917b7f

  • SHA256

    8f1a0bfe8e0b37e0f6f820f8b05ac62a20ebde90da1ef331d0305768a0e8fcab

  • SHA512

    3187e9e8c2885c86a043b7004165ff996487260b9cb816059a25445a26ddeca89c02a2768ebf10633054652b8d12a3bd3b7436620451d5c244cdb4c2511418f1

  • SSDEEP

    3072:i57Pc2MNsD1syfkMY+BES09JXAnyrZalI+YQ:i5cGD1RsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and banking Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
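The "UPX packed file" signature above fires on the section layout of the dropped binaries; the dropped svchost.exe is 55KB on disk while PID 1044 maps a 184KB image at 0x400000 (see the memory dumps below), which is what a packed binary looks like once it has unpacked itself. The following is an added example of how to check a PE for that signature yourself; it is not the sandbox's own rule. It parses only the DOS header, PE signature, COFF header and section headers, and it checks section entropy independently of the UPX0/UPX1 names, because renaming sections is the usual "modified UPX" evasion. build_sample_pe() is a constructed, non-runnable fixture so the check runs offline.

```python
"""Check a PE's section table for the UPX signature the sandbox fired on.

Added example for this report's 'UPX packed file' signature; it is not
the sandbox's own rule. It walks DOS header -> PE signature -> COFF header
-> section headers and looks for UPX section names plus near-8-bit section
entropy. build_sample_pe() is a constructed fixture so it runs offline.
"""
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed/encrypted data sits near 8, plain x86 code nearer 6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Yield (name, raw_offset, raw_size, raw_bytes) for every section header."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    hdr = coff + 20 + size_of_optional          # first IMAGE_SECTION_HEADER
    for _ in range(num_sections):
        name = struct.unpack_from("<8s", pe, hdr)[0].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        yield name, raw_ptr, raw_size, pe[raw_ptr:raw_ptr + raw_size]
        hdr += 40


def looks_upx_packed(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Return the evidence: UPX-named sections and sections with packed-looking entropy.

    Renaming UPX0/UPX1 is a trivial evasion ('modified UPX'), so the entropy
    check is kept independent of the name check.
    """
    upx_names, high_entropy = [], []
    for name, _off, size, raw in pe_sections(pe):
        label = name.decode(errors="replace")
        if name in UPX_SECTION_NAMES:
            upx_names.append(label)
        if size and shannon_entropy(raw) >= entropy_threshold:
            high_entropy.append(label)
    return {"upx_names": upx_names, "high_entropy": high_entropy,
            "packed": bool(upx_names or high_entropy)}


def build_sample_pe(section_names, payload: bytes) -> bytes:
    """Constructed fixture: a minimal PE32 shell (not runnable) with the given sections."""
    e_lfanew, opt_size = 0x40, 0xE0
    num = len(section_names)
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * num
    first_raw = (headers_end + 0x1FF) & ~0x1FF          # 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, opt_size, 0x102)
    sections, body = b"", b""
    for name in section_names:
        sections += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload), 0x1000,
                                len(payload), first_raw + len(body), 0, 0, 0, 0, 0x60000020)
        body += payload
    image = dos + b"PE\0\0" + coff + b"\0" * opt_size + sections
    return image.ljust(first_raw, b"\0") + body


if __name__ == "__main__":
    packed = build_sample_pe([b"UPX0", b"UPX1"], bytes(range(256)) * 4)
    print(looks_upx_packed(packed))
```

Run it against the real dropped svchost.exe by passing the file's bytes to looks_upx_packed(). A hit on upx_names alone is a strong indicator; a hit on high_entropy alone is weaker (signed installers and resource-heavy binaries also carry high-entropy sections), so treat the two fields separately when writing a rule.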

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9c6af1d009d361c73877d55a3364c2c7_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1044
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2988
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:406536 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2044

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3eaa8ee4baab0c3b1122ad3168fabd43

      SHA1

      c9175fdc6b6057a73a1e31c54c88c17226cae4c5

      SHA256

      2e4185c1deae544d5f3bc73d2daa98da0b681929c6e02044ab35e412bc10e6cd

      SHA512

      cc04319f069e13cfba6fd258cb0108b12678dc247d056bf51c4dde655371508334978aa6eb5f5eb3f392911141c2c769516c2a685a03ecd3af45c5f6d7242813

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9830c71450ee1fbcd58dc577c8ede25f

      SHA1

      622fe6a051e7127157c0079a01eb74e0fc607bf4

      SHA256

      9b207d1ec122b7353d82aab34b74d349fedc11ca570a6087bf1909875cd2bca6

      SHA512

      561b53cde41d8b904889f2de15c8f6ec0a7143468da11f22a7f6a3a273b2bc19ba5515f9666b131fed5457d4c3c31a51f1e26d39f2b04aadcc93401d5017e2a9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      209b9c43e90bc0f0cd2aa419b1474744

      SHA1

      18347850c76692e2d768a19fc69b70c0ae120bad

      SHA256

      90c94d5b05519eeb23ee055788d5444c064792685fb649029bd25a738b9df9b8

      SHA512

      768100e3881409a791336a59491e3e991316c0d3c47e8100bfb9f065e98c390e92fc1b64499233a6f1235e739f2456ea78dacacf1c45700d5a11c6345950fa9b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cd0c8311f468d1d81f7f553469a4d68f

      SHA1

      1d59959944278152a2947318ed2d24e3ab0c61f0

      SHA256

      a10c56eef7f07ca807348e15fdffc5498e86c15059997578274372ce01aa188d

      SHA512

      176e14aa28fba51ea4f90ee3a9dd7cf313a52eba19bd646edf34b28543a9d86b0227bb57aa32d32d3ef7df8d667f71a961ea6794a0546e4dc5f47c5b5b916b10

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4171f3bacd87fd8570298c3c5c29c4b1

      SHA1

      261773acabf36e5b4c4731cbdbfc9c6317a8db62

      SHA256

      55f31eaf50981104c800239fddbb14fb74bc35a56fcf59aa01216567c3a4bc7b

      SHA512

      521343d348a06cec72562eb6fe9f7f7f96720dfda161ab17f87f413a476d669931b7558d773bab94e3805b2f83080755ef9d8ec251af4a991cd2720b32bd2a66

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bd16122e7b5a60f8d20594c1a740202e

      SHA1

      863a00b24979181da87580e9b9d9f05d834e80b9

      SHA256

      99616fb22dcbb6c65997b953033c61ce45dec1d59db23c62ccb263fc270785d0

      SHA512

      ac8f210624b79a0cf1ad1abe1b54dc243703ea349d560e6bed9730eb18645eaafec9fde77205a4ebac1d3f690afe00c302462f66fee52d66f811e58a4533a9f0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0687a40ccf0adebacf47dfcf2fa1e648

      SHA1

      7f17141451b02a2a288570dbe9628a76c438c062

      SHA256

      b3650a7ccb6f46cbc4d8cb7336aacc3c15de93c8fd64c42df4be6c5c4b3a210b

      SHA512

      14898be86172da5cfd1b925bd2559bce6353a903e2fe78dd7447daeb04b43b4ea5557ef8ca18c83ac06a8fa1d07533a85ffead9ff840d919012173e80519ce9e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6ae1ec107f224bc0fefc2e026158a39e

      SHA1

      d32b7a6380624606c4ba45440bf4e37dfff5444a

      SHA256

      07347b1a254362b91d7fd6b03e00773d0f743eb77dd46f2b2a5d3a5cfc1beadd

      SHA512

      1279640a962ce9f0c98feed24bec398fa3dee2b25900fa76cf6d1fb3d9344c079f06ed70c592fc350d32dd2921e020bfd2ef3a676d016c74a833851e875095c6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0405f436dcb8a403d4b1e3f628cf375c

      SHA1

      16b31e098f5720eb0c96a946351f0c8f654d1f2b

      SHA256

      ef56ad64b3c5d66c127a52b775eea2f3007874755c7264f8d13a3434a2bea50d

      SHA512

      b945bc7c6f6764d99e3bf0c20ca8824cbf1a0a1fed8a503cbea53ff366ca4958ae3a3fd12c0549bd79d1f9804233f974544e6a5d767ae999a76aeaf15fe7d25f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3e6cf524e4be8588beb8315e1dace93a

      SHA1

      b9e29b3789fd57541ce2f3de128c5e861604df55

      SHA256

      d772409134010f7e564af18122fc73545bb4d24697d85061b97a07672beecf7b

      SHA512

      e456f1381ae608db9f8c32d2db3909de325436bab26415f4a03ce353af8889102d32a4cc65fec882ce4b301c36d72ad5204c8bfca0add6beb5b3f31f9f3abf08

    • C:\Users\Admin\AppData\Local\Temp\Tar23FC.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1044-483-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1044-492-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/1044-491-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1044-508-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2988-495-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2988-494-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2988-497-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB
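Two things to keep straight when lifting indicators from the listing above. The CryptnetUrlCache files under LocalLow are CryptoAPI's certificate-revocation/URL cache being rewritten by Internet Explorer during the run; the same MetaData path appears ten times with different hashes because it is rewritten, not because ten files were dropped, and none of them is a payload. The actual dropped artifacts are svchost.exe in Temp (55KB on disk) and DesktopLayer.exe, whose in-memory images are the 184KB regions listed for PIDs 1044 and 2988. The following is an added example, not tooling from the sandbox, that parses this flattened listing into records, sanity-checks the digests, de-duplicates by SHA256, and verifies a file in hand against a record. SAMPLE_LISTING is a constructed excerpt copied from entries on this page; the bytes fed to verify() in the usage are made up.

```python
"""Turn the flattened 'Downloads' listing above into structured IoC records and
check them. Added example, not tooling from the sandbox; SAMPLE_LISTING is a
constructed excerpt copied from the entries on this page, and the bytes used
with verify() are made up.
"""
import hashlib
import re

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

SAMPLE_LISTING = r"""
• \Users\Admin\AppData\Local\Temp\svchost.exe

  Filesize

  55KB

  MD5

  ff5e1f27193ce51eec318714ef038bef

  SHA1

  b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

  SHA256

  fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

  SHA512

  c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

  Filesize

  342B

  MD5

  3eaa8ee4baab0c3b1122ad3168fabd43

• memory/1044-483-0x0000000000400000-0x000000000042E000-memory.dmp

  Filesize

  184KB
"""


def parse_listing(text):
    """Records start with a '• path' line and continue as alternating label / value lines."""
    records, current, label = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            records.append(current)
            label = None
        elif current is not None and label is None:
            label = line
        elif current is not None:
            current[label] = line
            label = None
    return records


def parse_size(text):
    """'70KB' -> (71680, 1024): bytes, plus the unit the report rounded to."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(B|KB|MB)", text.strip(), re.I)
    if not m:
        raise ValueError(f"unparseable size: {text!r}")
    unit = UNITS[m.group(2).upper()]
    return int(float(m.group(1)) * unit), unit


def validate(record):
    """Flag digests of the wrong length or non-hex (usually a copy/paste truncation)."""
    problems = []
    for algo, n in DIGEST_LEN.items():
        value = record.get(algo)
        if value is not None and not re.fullmatch(rf"[0-9a-fA-F]{{{n}}}", value):
            problems.append(f"{algo} is not {n} hex chars")
    if "Filesize" in record:
        try:
            parse_size(record["Filesize"])
        except ValueError as exc:
            problems.append(str(exc))
    return problems


def digests(data: bytes) -> dict:
    return {algo: hashlib.new(algo.lower(), data).hexdigest() for algo in DIGEST_LEN}


def verify(record, data: bytes):
    """Return the fields that disagree with the bytes in hand; [] means this is the reported artifact."""
    mismatches = [algo for algo, value in digests(data).items()
                  if algo in record and record[algo].lower() != value]
    if "Filesize" in record:
        expected, unit = parse_size(record["Filesize"])
        if abs(len(data) - expected) > unit:      # the report rounds to the unit it shows
            mismatches.append("Filesize")
    return mismatches


def unique_files(records):
    """Dedupe by SHA256: repeated paths (the CryptnetUrlCache rewrites) are distinct contents."""
    seen = {}
    for rec in records:
        if "SHA256" in rec:
            seen.setdefault(rec["SHA256"].lower(), rec)
    return list(seen.values())


if __name__ == "__main__":
    for rec in unique_files(parse_listing(SAMPLE_LISTING)):
        print(rec["path"], rec["SHA256"], validate(rec) or "ok")
```

Memory-dump entries carry only a Filesize and pass through as path-plus-size records; they are not hashable indicators. Match on SHA256 and treat the MD5 column as a convenience only, since MD5 collisions are cheap to manufacture.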