Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 00:20

General

  • Target

    9c6b9774c8f622e994c0ba8dd015f887_JaffaCakes118.html

  • Size

    158KB

  • MD5

    9c6b9774c8f622e994c0ba8dd015f887

  • SHA1

    e49e09a93fd42bb75bea3978e2e0e64a5f94bb99

  • SHA256

    1cf11d2e3985dfae0ffe793d03da63e95601ffc92af1d70841c8c919ca01637d

  • SHA512

    b9542f7c858f3fbdee1ac511ee592f7071fada20be8ec10d12a17f55edc152ea9cbd52caffb92a439bb85ef8a95e6432f4e20e0282afdf758934e2e71c7b74eb

  • SSDEEP

    1536:ilRTP4me88XV3yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:iTcF3yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose members include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
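
The "UPX packed file" signature above is a static check on the dropped executables. As an added example (not code from the sandbox or its signature set), the following Python walks a PE's DOS header, COFF header and section table by hand and flags the section names stock UPX writes. The header-only PE built by `build_minimal_pe` is constructed test input, not one of the report's files; a modified UPX build that renames its sections will not be caught by this check, which is why a sandbox pairs it with other heuristics.

```python
"""Flag UPX-style section names in a PE file (added example, not from the report)."""
import struct

# Section names written by stock UPX; modified builds often rename these.
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}


def section_names(pe):
    """Return the section names of a PE image, parsing the headers directly.

    Layout used: e_lfanew at DOS offset 0x3C; at e_lfanew the 'PE\\0\\0'
    signature, then the 20-byte COFF header (NumberOfSections at +6,
    SizeOfOptionalHeader at +20), then the optional header, then 40-byte
    section headers whose first 8 bytes are the null-padded name.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    number_of_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_of_optional = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_of_optional
    names = []
    for i in range(number_of_sections):
        raw = pe[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("latin-1"))
    return names


def looks_upx_packed(pe):
    """True if any section carries a stock UPX name (absence proves nothing)."""
    return any(n in UPX_SECTIONS or n.startswith("UPX") for n in section_names(pe))


def build_minimal_pe(names):
    """Constructed header-only PE with the given section names (test input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode("latin-1").ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print(section_names(packed), "upx:", looks_upx_packed(packed))
```

On a real sample, read the file bytes and pass them to `looks_upx_packed`; treat a hit as a packing indicator to be confirmed by unpacking or by the sandbox's dynamic signatures, not as a verdict.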

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9c6b9774c8f622e994c0ba8dd015f887_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2912
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2312
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:406544 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2552
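
The process tree above is the most useful part of this report for detection: the HTML is opened by iexplore.exe, a child IEXPLORE.EXE (PID 2860) loads and runs a dropped svchost.exe from the user's Temp directory, that dropper writes DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe uses WriteProcessMemory and starts a fresh iexplore.exe. As an added example (not code from the sandbox or the report), the following Python looks for that chain in a set of process events and checks a file against the report's svchost.exe hashes. The events are constructed from the tree above with the reported PIDs and paths; the parent PID of the first iexplore.exe is not in the report and is assumed to be 0, and the file bytes fed to the hash check are a placeholder. The repeated CryptnetUrlCache\MetaData entries in the Downloads section are CryptoAPI's URL-cache metadata rewritten during the run and are deliberately not used as indicators here.

```python
"""Hunt for the Ramnit drop chain recorded in the process tree (added example)."""
import hashlib
import ntpath
from dataclasses import dataclass

# Hashes of the dropped %TEMP%\svchost.exe, copied from the report's Downloads section.
DROPPED_SVCHOST = {
    "md5": "ff5e1f27193ce51eec318714ef038bef",
    "sha1": "b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6",
    "sha256": "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320",
}

# The only directories a genuine svchost.exe is started from.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str  # full path of the executed image


def _name(path):
    return ntpath.basename(path).lower()


# Constructed from the report's process tree; PIDs and image paths are as reported.
EVENTS = [
    ProcEvent(2864, 0, r"C:\Program Files\Internet Explorer\iexplore.exe"),  # ppid assumed
    ProcEvent(2860, 2864, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    ProcEvent(2912, 2860, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"),
    ProcEvent(2312, 2912, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"),
    ProcEvent(2120, 2312, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ProcEvent(2552, 2864, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
]


def masquerading_system_binary(ev):
    """svchost.exe started from anywhere but the Windows system directories."""
    directory = ntpath.dirname(ev.image).lower()
    return _name(ev.image) == "svchost.exe" and not directory.startswith(SYSTEM_DIRS)


def find_drop_chain(events):
    """Return (browser_pid, dropper_pid, payload_pid, spawned_browser_pid) tuples for
    iexplore.exe -> rogue svchost.exe -> DesktopLayer.exe [-> iexplore.exe].

    The last element is None if the payload started no browser. The report shows
    DesktopLayer.exe using WriteProcessMemory and starting iexplore.exe, so the
    spawned browser is the likely injection target, but the report does not
    name the target; that is an inference.
    """
    by_pid = {e.pid: e for e in events}
    chains = []
    for payload in events:
        if _name(payload.image) != "desktoplayer.exe":
            continue
        dropper = by_pid.get(payload.ppid)
        if dropper is None or not masquerading_system_binary(dropper):
            continue
        browser = by_pid.get(dropper.ppid)
        if browser is None or _name(browser.image) != "iexplore.exe":
            continue
        spawned = [e.pid for e in events
                   if e.ppid == payload.pid and _name(e.image) == "iexplore.exe"]
        chains.append((browser.pid, dropper.pid, payload.pid, spawned[0] if spawned else None))
    return chains


def hashes_of(data):
    """MD5/SHA-1/SHA-256 of a file's bytes, keyed like the report's Downloads entries."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DROPPED_SVCHOST}


def matches_dropped_svchost(data):
    """True only when every digest matches; one colliding algorithm is not enough."""
    return hashes_of(data) == DROPPED_SVCHOST


if __name__ == "__main__":
    for chain in find_drop_chain(EVENTS):
        print("drop chain (browser, dropper, payload, spawned browser):", chain)
    placeholder = b"MZ constructed placeholder, not the real dropper"  # constructed bytes
    print("placeholder matches report hashes:", matches_dropped_svchost(placeholder))
```

The path-based checks deliberately key on what the report actually shows (a system-binary name outside System32, a browser as its parent, the DesktopLayer.exe drop location) rather than on the PIDs, which are specific to this run; feed `find_drop_chain` your own EDR process-creation events in the same shape.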

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0b88d1109a94147fb9f91dcf19011193

      SHA1

      118074e499f91436fdd03d6252c3a087f598b56d

      SHA256

      96f18690439e0f1745dd5137bc72f720bb35fb68add3dd61099bd00ff020798a

      SHA512

      22460492f550e265066e0b1162e5a1ebd0da90387e9f1975f9f317bcd0e0ca5fa9780373f591b258e19e4be28a089613965f8ed4d03527ca5b3a712ab10e4619

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      defa9b38057f0311cd9fae266050b451

      SHA1

      9763b17834ab338c2a6f07fb51115b3751da55f7

      SHA256

      6a5a9aeaf269699f4370603717666fa07066b59cf7f378b56079c9be5acb3c28

      SHA512

      4200d42336c7afa4e086a3b9498e1f4a903e49d452cb73c813b26e576e726d593d56c9b91f703713a66ce95206df073bed178a63cca9523dc814b779e434ada3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e27a0c8ec11812f5a27d6b5d6b97965f

      SHA1

      d737920d4d693bd1110a02d3913fb6d09b903fa4

      SHA256

      14a5ba80a831ea162a6e62588d539a8bf4a7aff568ffe02e0c2c868fdb976a50

      SHA512

      e08cdcbe6527acd1dabaa137743ab0b538b4eeb98c6b5c9013176a5b6c12de782db67f862f3b726412f7fa4dfa6cb6616cc72b860e69a73dfc5e1a712c64cc66

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8c92ab36821c0c69b3640de38bea7251

      SHA1

      49ad330031b033b94c0b443a4660b93660941ff7

      SHA256

      374f40efe82f6ba091821d80c1cd1faebc41b088300dec2d78dcdefbee35950a

      SHA512

      eaf3fb3990906d96da2f1d660f65ceff8d6a4b8e34a0363cf5a596e648f671067e8c04db2f6c486b728eb3576009981b30f9d42244746a81fa60462f9841aadd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      472d78e207710379a634e7413ba0fa92

      SHA1

      4271297fa30754dbca7803869861feae749407dd

      SHA256

      d8fc64a106583be891f26ad0dffbfd784662f25b22249f59838172ae825dc808

      SHA512

      d4286f085dc9d224cada048592e726d9f426aeafc5a8f523ab25eb00c8b2196629c1cacb1171883ee470d4ff07c194b95daab014e543c804850e47fa7412712b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4725f9515836055755b4e24d79314e31

      SHA1

      dfe599997c29f4106e927cd2aa966ce21902e40c

      SHA256

      538493e6065d156b4b12f9e2f45af98b1d872c3e787f574eb6a39929144e4dbd

      SHA512

      4eb69588063ffa1dc010f501c7f6c7e5b3fea4c0f5162c704110ee99c3a19e698ace055468ba941d1a7019e8ff8da4b61f3054168e5d61ea9574b75caeafb062

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6066d805510e23bc5b8edbbe5b4c7035

      SHA1

      cb5c7518a72495f2692ebdc6ec37e6d5fe52282e

      SHA256

      da85fab2f200c6d678e0596e35e3c982b11bf81e64b86e241858e6d5a5d57329

      SHA512

      c0ff30ed93fffd97e4d2165896351913d36afd47d7462ca2c15ac5f0e5f15aa67f61824b2f3ffc4b5084bb8a9fc78b7a77e5b2914b887f90afe221d7281e7b61

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8a1d837a4adb0f043100d91da66cb1db

      SHA1

      bcdee2421255759967dff22c06472772c677f8ca

      SHA256

      63de244a2bf44e0e802e06845e512036136a477635427357470333bab93bf117

      SHA512

      21e775d7f028fbbd59f505cf59c6abe44edbca5f840329065b0920ec54d43c10bfb9e8c3e6300656d838061958148f2883db42e445d5c9df5d408c90fe018880

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2ece3eb0985542fa3979b880dd149047

      SHA1

      519994560806b00bee34bd9a4f855e4e10ce6022

      SHA256

      8c217810921ac81079644bf330b0e4f3e83ff9df623f77a3bf2634d33f9bcb95

      SHA512

      496d80ff9d55be0102b8fd2616a114b2dbff8c1f1c9acec006edc2b1395ce1d7b8302392cdaed23a6a10a6da49716bc1906af5f98b7a679ef56a508e70d50196

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      55d679d138828a9bb520259910995430

      SHA1

      83e90cbb1bf3db0edb071713fa20bc49dce50e15

      SHA256

      2cfdf9d8415e2ed7a5079451018f8cee658c9d4464d16ba2f396ce18f882d01a

      SHA512

      44ce2f81fb63afbb16ee359bd922864ae7952dda539dd151c4ffa23a22d2f3f82838b4483f81601b6f2f7f7bf711d7992b757134c31bc2418f2ed6d1e5bad316

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5b491fb591b7a4b6dc596fa8be4ea9cc

      SHA1

      dca4a8faee33894a0c5c2950f500930923956390

      SHA256

      9c2a339ae679f83fd3630c3373396d6f20f4306f195c6408dbc7010dd943e90e

      SHA512

      fc0624132a1abf3a7feb201b63c25442ef45043dc2861d57e58430f5ed4b2d93b9c8d4c3a3cc737ade6a1bc01573d426e7b5b2176492e40c527ac465174e246c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      216c2209a820fcbe9d541b19da02c329

      SHA1

      5395729a3aab69bccfb8bc3cc135275bcf878c51

      SHA256

      0abf2cf3a558e9497840b3de55de15eb825ff68749756d3b5fe9caa4ac59f7e6

      SHA512

      370dc21ce7b0fe1d0c036c7ac7b5b68bf93190f6fa6b70ebd233c69535412197a665103fc3ff63271a97c6289c93e43ab1b48894cc836ef4db4f63a4755e7efb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5f41411463e9f0420403d64252132cd4

      SHA1

      f159cab869453c84267ca9b5ca56414e4e450871

      SHA256

      99626b186f8928b9c2f75d954f24992d473ed961423098875530174dfe0ffa81

      SHA512

      2030197a745941ba34d6eb352ff2bfaabf957eb6a0214a683e83633b2ab8b808122a4327410186132d583068a6effccd36c1c318afdf45c528d9a5a75410d17a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b7781af788e4d11c60fa0bed70fd606d

      SHA1

      a7b999331dec92fa674e246340424766c453b87d

      SHA256

      d36f78adea30f1e27894d95bf8509bb2ea23d3a61c0461fb8a75164b845b473e

      SHA512

      89fb576caf2d11f6250e66201be87a2598594ac51cdcfe02092237607b1a859d0b9852695d098f44b6849b9a2c4b405189c329b25c36a5d04dfde9d6ab896644

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f3ef6d1efb0d5125ef07c637403563d7

      SHA1

      48650f44ee8be434503c6c0baec60dcc394ffbcf

      SHA256

      219c1f9b41ee2fd6d8b973d11b8ed30dc2483ec4a31e8be35824232ac10cc443

      SHA512

      ecec2c8d6f30ce269d12af517bd6ebd60bcbf7a99b3846bba814c3a0c26ec5616145868ab577664c489a97443d78500c59afc7d0b70f3bc300fc390f91dc9f06

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8deb0d3b4a6428ccb2480488618de4bf

      SHA1

      17e23af62afd171da071d7975de7205bee1e8f03

      SHA256

      733a5a0a9db89d86913e986087f213fc5b715dbfbeedb8436206a342d6593037

      SHA512

      eb36776bf81a7334ab457564ab9ee3b814bf03a1b39df6cfdfe6ac4369ea081e77e38d9b939ebd7cad7a64bf650e4decf5292ce36907e35c2516928eb387edaa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      414f33b4614ab41b7f706183658a5c7c

      SHA1

      1989a02c77a484a334d48e0bdcbe5c498f90d725

      SHA256

      a2764eb2423053e1f10a0d834541512d88c96e836185667b4abe89a0a347e7bd

      SHA512

      6fe2db6526b17fe6f033ae44f19898e87e3def233fd2af4e6d63149ace53aa842353485535740aba4478a9ba0536d8228971f00a2b601681708408e167706050

    • C:\Users\Admin\AppData\Local\Temp\Cab1DEE.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Cab1EBB.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar1ED0.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2312-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2312-490-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2312-491-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2312-492-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2912-482-0x00000000003D0000-0x00000000003DF000-memory.dmp

      Filesize

      60KB

    • memory/2912-481-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB