Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 03:30

General

  • Target

    9cdbb1d19bae44c4923d7eb6e404db9e_JaffaCakes118.html

  • Size

    148KB

  • MD5

    9cdbb1d19bae44c4923d7eb6e404db9e

  • SHA1

    7c00281beb27e2cd703a4654be05d7d3d859e53a

  • SHA256

    0d6db6306bc2c0addfcfeb81765479daa6e948b55fbad2a5a17d35fb29c76a83

  • SHA512

    7fe4e3bc8f324581de4a5cdb810e316c60f1f6ad8d9e523ef27d0394c9326de96fe10f0942003bf38fba949c4c3f29fe877400310e1b298220136acb086a048a

  • SSDEEP

    3072:EnEkvHcZXkniPmyfkMY+BES09JXAnyrZalI+YQKn:HjsMYod+X3oI+YQKn

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9cdbb1d19bae44c4923d7eb6e404db9e_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2148
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2436
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2508
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2140
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:537611 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1668

Network

MITRE ATT&CK Enterprise v15

Downloads