Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 01:31

General

  • Target
    9c9580e8223553cef9c09dc91ab8e641_JaffaCakes118.html
  • Size
    117KB
  • MD5
    9c9580e8223553cef9c09dc91ab8e641
  • SHA1
    b59c421741cfa67246ee58397d3d7d20b7c942b1
  • SHA256
    182dd1cd9d4755ae15f414cb451a322a513844d91da8ad4de5ee9fca97a3f0fa
  • SHA512
    281582075adc3c604b25e940bf7307439fea0d7fb0e0c5da05865a1c7eb1456a3ff8f52c9fbe0515202352f4ca86b17498f417507cad354970908f8a50038722
  • SSDEEP
    1536:S8ZyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsn:S8ZyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9c9580e8223553cef9c09dc91ab8e641_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2796
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1708
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2668
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2580
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2484
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:209931 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2488

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 3484c6b0c0b8ede791e33976198769ab
    SHA1: 43539e050c58a36a6955f906dcc47a32ab107f69
    SHA256: 7bec35f1d5297726aedf0d52ab34ee9c0607072fd967724c64cff88e959aca56
    SHA512: c327efc92ca7aa80759b0e39d41cea9019b912930c6d31ef58c9966139f8a9289ad0b6e4a9fa3031bf15040d1d130d19fcb5d515ba6cf1fdfb77c164f93a6ee1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: eb142cdf3fc800e05c034d1884978c72
    SHA1: db74020c0fd914f21d52b1120c24c9ec930ba469
    SHA256: 3eee78b44032d4a01fb6fdadc3b51a806b67385e26886e75344f19e445b7e17a
    SHA512: f8415a8700dca02105db43fe74b2450f78436c34ffa6c584bc1424508cad3bc333e5b5fdbb43a7d99dea3faa0ba6b9d0a6368e712e362a20e44af29f285db71d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 2983a96815a8190f7046ca053ca4549d
    SHA1: 506e1186c46a424dabf9e2bba71981e0f72544bf
    SHA256: d7331d9d2e5907caeef85d2dad28657aab9afe5d886bb4b8536df8fbb6b42ba2
    SHA512: 39a89c11c9f371fe6680681c3a2cac43076ff05c4d8bbbf10a8921984f19016e4893366fcc09e72d37413ae2fac2faff3b98a9b1a0d0a55e829d04b6918aa7fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 052602bace7963d7200d023f39cdf9e6
    SHA1: 13b2d19c30b311d290b5fd6f637c67a6c5314db1
    SHA256: 937c70db671f04c7f7495c985a334a0f6dc6f01429a89caa825732a9a47d6628
    SHA512: 9078a91ceae2d38bb02f9c5091dbe0b2a96cb67d898eea5860aa44f0baffef1dbc7ff15761054158a02cd109dda4fb82a62c9a3bf3036a8609b9fcd05e7dbbeb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: bfa1b9daca565d98c0f282ce20f99c56
    SHA1: 322773b66ba669c490ad7ca8532249e1268ac437
    SHA256: ca3d5d1ff861270a187537246f1a02658e33100b1ab4d8ece6ca4354c1d54f90
    SHA512: 08a2e70d17a135d010bc60591fd47672b59977fb367035d8adffa0140b703087e4eb38058d3e8f12b8f358982411b94c729af3269a701b8106f1340f143e7797

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 4d2c34ee929bbd8359eb76033fa394eb
    SHA1: 48550118498cf1907995ec8c7d12e5cfa9101d16
    SHA256: 2dfc5f6c0893af3ed12900740b32204a0ce96e852099b1ad009284c0a3a68b12
    SHA512: 15b19a6f55ab12d2530ed7a96ab552ca7b675b5de225c03edb1c67b0558fcecf67d68c52499b1e5838ec6c690fd57376790a1c06e0aeca04f0e14f502bb955ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 19e9fb2c86f5f252589ccc95dc8c9468
    SHA1: 70581b9a33d83e3498b855a70a08f5fa46aa2697
    SHA256: 826fb31fb2930762cdef7a7ac7dc3588c20d1988465e79509454e475e64f029f
    SHA512: e7a30b60210300704fc07564f4ac833f4471662681f3a3f4ccd89ba7a44db35acf420d95e552f17502ebd29217adb26ce51007e42612bb2c239d7ac3cab306f0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 0e0ce8d28a896d6a4f79d77f4214c250
    SHA1: 2f5475dc0db97124837fbb7d9302acd3cc20a3c0
    SHA256: 4b7ef41b88eb88a223ca56b474872e445b93cbbe30e92cf75e7936237bd5e669
    SHA512: aa54ca7cedf27d9f3faaf6efd29f5e5d2d4e425690967b40dc7f6f3d9fb4aef9308f641c53c567090fa5bcb360e4c6070ee0d121e294335fbd70d208d7926d8d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 282b5e7cb5169afee034aa9e33167b1a
    SHA1: fed656b88cff686d73f5b3a5b79ffaf1d330d3f0
    SHA256: 0561fbb2862e98efc78931db5842e78c59ca5057cc3d2760fc2714b96013937b
    SHA512: 2ccdce24f06d3744f986e43fbb793adaaa9f9bc2194735897ea759b39b748ba5b2e407b8907fc21abd3ad0024f0203a26e86a14820bffbf9a76f4ae4951ae79e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 4008d839c7d50f2ff2b5dabb5d5696bf
    SHA1: 0d8b6059e03404f4a0e07d4f7cb94b14228bcaec
    SHA256: 7d90dcb17d4a6c9db07bce4dc396a441b682a56e3267dc3224ca6e0cd3e3a5d1
    SHA512: 4703a3c68e815d35022f753592038922e83b637a7b0ba0cf4d73edf16d23a1a38206b9d116c55ffd153208db11b9b5a8521141d3f940cea3b1878bcd74b7c853

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 79d7e2d4045a2a73b2dc3c66f5db6b15
    SHA1: 1657a6810cd57fff90b8dcd480aa3844a64cc31e
    SHA256: 88b62b238197e91cf74601be19212cc29b1f25903c264cd3e1c92a5ba0b728af
    SHA512: fae932e6c644d13ebd21d68b6082bd49ce1cad08348cd8e819355388ce456ad416844c389032dea74993af37fbfe0121a1bc71af3c09f2e053204f360c08bc37

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b2c574272696856dc129a26beb44ff91
    SHA1: e4979eb61a8be3ece5f675a7eee84c4016694a3c
    SHA256: 27b7376dfa2be36d10714030c43ebf0b4c0a09283b48fd6547bf0f81846c7794
    SHA512: d371cf9655c974bf1df5e5ccc00116e3b1fd4d9e45b6c90d2dcea480665d4d52f125484d04cf884898777cba69321e855c1c91afa45c58a0fee5719ebb80b558

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5c7c1150a608d567bdcff0a7499b35b6
    SHA1: cf8fc6e2e3dffc6a927ff621293afd96ce4d5890
    SHA256: a9bdfe41c9e113c632bf4a935ab7761c66092e787105778102eec8ce346e7901
    SHA512: 36d24cbf8b4cb4a5457af1d6957ee65a5709e56cd454d1c9331578c7a18d2294ab7c48bc5bb89fb0760f840cc324f0a02a00a689b28e0cfbfb74e99b56d07a8b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: dbcdd05e32eb5e228d8f388a54ef2091
    SHA1: 188d9ef6f2042657406946b78d4546249a9af284
    SHA256: a9e61259a5650cc47efdd2d16befeb492e158f41bc0972e7d24cf1ddfcc07c65
    SHA512: 97882fa51172ea1d2c8da0cb385981fe3cd361487ce820e7111e72da254aa21fbbecda95a38e464b455e16aae58f231b4f8fcb9c69757b213727014a2f102c58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: d421930e89f8b78b2c03d0d8b7837e6f
    SHA1: d228bac7ce078a902e8aefacf5cc88093206258d
    SHA256: 0f551040e7c88881a5fe9af0fa786ffe7f991e3d8138cf06b70b0b946e2b5db4
    SHA512: fc69471efa8eaa3d3d6754f6442674d3ee4e9e413fe540456bdfc63141840665088df06944bc72c74132c16137d3a5fc4359f47a1654ce765239a38a8cd72a95

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5043e82c34ea8dffe9b2f1b7d3c373d6
    SHA1: e55bda7d555d6991e4d0ae7195a89923fc9fc348
    SHA256: 9183fc83a635965c22932373088240103adac58d6f2c9924751822ed0aa23dbb
    SHA512: e68676007ca44fb96ebe764cc100b3b827d28529f5ff83f5a738b9afac8d0e0210c8cef86b82fdfc5515c609901667b661e838e2a40eb61dd41e475fb4279bf0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: fc233f6a85504871d1ff8aa9e2a88645
    SHA1: 1e1f68fad03eed891011e6b3a6b85d5d507f508e
    SHA256: 52a418533a70f7154e1b7cd66074cc8a8cf7f79758cb750c52d377ddc80515a4
    SHA512: 4c3abce32cc7888128c71603ce8754cc145a39d895754f7e2d213aeab064aebd8b7c68b8cd8cbeef4342b185a5954310dec991ae53e19bed5563e9e492233b07

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 2bf48f1a17899034330d18c32a46bafe
    SHA1: 4d84546b11b2cd90786d537c49867cd32ad2946d
    SHA256: 826d0daf6cceb54c1841d87b56160d16d95fc67ad93e5cb7e9fc9bbddc92fc2f
    SHA512: 3e4abf7eb7ff0d20e526c61503f21484ac9dc0485dafc1ec2f5b56d8a1ddd920892640c5a92ae93f38550b351cbcac5c8da5c34655ad611ee5a5a48fa0d012c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 9a916be237f5878b2f893e2fbcb6cb49
    SHA1: 6ab0378fd71628ee582c97488c7c58ff3d0b7776
    SHA256: 4e4a44221567637feabc05a5359d371d96deb8921e2a98bbcf361dfdc390ff73
    SHA512: 07950ea5d5c7bdab00f97a9f5ad1953a1a056ecab5f6bb1afa99c61c83fee1e6cba456fc1f138e746d7f64a458f95980b758df377074b94f5593d2fd1b7ca9cb

  • C:\Users\Admin\AppData\Local\Temp\Cab2CAE.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar2DCE.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize: 55KB
    MD5: ff5e1f27193ce51eec318714ef038bef
    SHA1: b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
    SHA256: fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
    SHA512: c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/2580-16-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize: 4KB

  • memory/2580-18-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2668-8-0x00000000002B0000-0x00000000002BF000-memory.dmp
    Filesize: 60KB

  • memory/2668-7-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB