Analysis

  • max time kernel
    130s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 02:45

General

  • Target

    9cc2679398156b1d939a32c1c89a7e3a_JaffaCakes118.html

  • Size

    155KB

  • MD5

    9cc2679398156b1d939a32c1c89a7e3a

  • SHA1

    59a79dc63c62800046d94f2b3566055d672f06df

  • SHA256

    4c677b9924039608adb2182973aab608b8ec724e001d0f2481d5130ba4df6317

  • SHA512

    4ecfca3ed7aea65c485409f43d222b6bccd5896d4d407078700ac720a6c3e4543918bdb9cbc1a8f529794df16a6b25b993c3309a37d4e76d5abae23e16ee2fa9

  • SSDEEP

    1536:idRTAK/Vg4rXyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:i7pgmXyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (4 IoCs)

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9cc2679398156b1d939a32c1c89a7e3a_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:275457 /prefetch:2
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1588
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2352
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            PID:624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:275468 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1268

Network

MITRE ATT&CK Enterprise v15


Downloads
