Analysis

  • max time kernel
    139s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
  • submitted
    11-06-2024 02:28

General

  • Target

    9cb86dc64ca83459ddfadfafefb1d408_JaffaCakes118.html

  • Size

    122KB

  • MD5

    9cb86dc64ca83459ddfadfafefb1d408

  • SHA1

    b9442fc1201a259f3e80570b6d1a5b4606beb2a0

  • SHA256

    a40007c1f4eba93cd96b814bc7657be2497895f1f6711e18375c4251f5a2d78d

  • SHA512

    512bc977d24398687aff8ffcaf2825d1317384c0a1dd57601640ad2b354566ca51e1a10f04e1c513c669d95cdbeeb3d1556f233eb950f45458e234e8806ae174

  • SSDEEP

    1536:SsqTzyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:STTzyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9cb86dc64ca83459ddfadfafefb1d408_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2412
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2376
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:472074 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2888

Network

MITRE ATT&CK Enterprise v15

Downloads
