Analysis

  • max time kernel
    133s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 19:54

General

  • Target

    a2148bf29ef3c45cb151a313afbcaf07_JaffaCakes118.html

  • Size

    121KB

  • MD5

    a2148bf29ef3c45cb151a313afbcaf07

  • SHA1

    c8a500bbb1bc783dcb5dbb7b74514fe09db213eb

  • SHA256

    fc69bec31c06b525fb315ab32a19603485d9108414969bed932164beec62503e

  • SHA512

    00b850e81a191ea508342aec8d1ee05d2153972fb58910c7c377f7d73e2225f7049383d2f19fee4fa916066d0783da50f271e7474b3521696b0db2687a4f99d4

  • SSDEEP

    3072:SymY2bVoshyfkMY+BES09JXAnyrZalI+YQ:SymY2bVo9sMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2148bf29ef3c45cb151a313afbcaf07_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2904
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2900
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275466 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2492

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dbd278f8f89f147cff6b234e54bfc85b

      SHA1

      e3810393b7eb6ff2705f79bd3c53ed24a6f8ee95

      SHA256

      ad4e9fba89bd6b1c61c39025642860af1fd0b90cb7602cee6b25175e2dba1d18

      SHA512

      04f26c674084c37769dc305a54e93145fe431ac46390716207735e317d5a81be0a3e835e4ca32c5067e58dcbe1a59ce23e1b8d23147989c6cd5265318c2b9597

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      97d8757dbbf7a49a83c4e4028383a290

      SHA1

      f9b39dacf52bb33a6dad48a23637dcace63534e3

      SHA256

      82b6bd25a750dd57e83aa386218d6717b7ed7199968233b58334ea5a84cc5128

      SHA512

      0df3f60059eeeaefea8a3ff0016401e5aa8048b35467a4a7cd1d74735ec9c37a53536a6d1ddf8d82fcef6f10cc6a2e285d2803aec96fe50b7e24122de462c347

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7aec5875851bed20897b86531ad69fe2

      SHA1

      94271a44795d4d0cf44db18155392bc15f3a5cd3

      SHA256

      972dc55bd2599a825c4760cfcf0cbfbe7f0936de577dc918a38b53185b709804

      SHA512

      52e99215732ccad198799a68a9a6975dfeac4526b28f008c3578f798eca7faedc4af52741bdcea55d5c9f10bd663ec23ff334517464ad4a288af94120a5498f2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a20d589c30582d5aa617c45974f78e62

      SHA1

      5bca73624b7dec75f2e7e495533a56b26f3d2ae9

      SHA256

      20a3fabb8416c77c3b8f41260ba52a309570ef78603f11999d0de093990c715a

      SHA512

      3e9ac7777ec693e6c4c77ff15b70c222e46829e346a2f1deb4050974112f0dd16a9226f9fb19c6d44c15b0fde1b60e03d322200aed2c37b6541feccee0fd8af5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      71f1b7946d21f0f7f361a96aa578c02f

      SHA1

      65073dbff32722d0574727ed17c9c6c0739a11ed

      SHA256

      e63cfef3631788fff5a5e9eedf315efc7d44c8d9474edae1bdf00f1efe3b4f26

      SHA512

      4faefb73d35b694d289a43a13d5d594e5d6d499e080a1ba01b1c99fb1d9805d1fe72fbd216ddd2c6f0c25ad1626709765593301fc8205b97e2891b78e9479c61

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      38574a85caee272d8cd66f6f8a5ddf5c

      SHA1

      6417e5d38192f4baacd909486840cd4dccd58a28

      SHA256

      bb28fe5f7b469d9b14910c5de1f74e141b8efd518d4b308a495d7d49f55c69cd

      SHA512

      da75cbf79802df38dfb9ed880ec3706307b15d4665331a957aec54e7b14b7243580169dc81dac875eb52fafdf945147465dac586589879dc896fa045caf72144

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fc7473717976a447136dc9d26e7878f6

      SHA1

      7c3699b732292d5f1fecf015cdf8059e39113a69

      SHA256

      39db684a886947deefebbafed1b219ce1686db4bdd805548c3ee448de92a8a73

      SHA512

      a20206917a89cad997b2933e658087950f3f8899047686b6061a303b23de9f2f83442670fbd4525a0e857586b15c2635257c977d80735ebecd8f0a19e7b6a8dd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a1ca356aee580d67d7c8862431bc133d

      SHA1

      4ce2bbcadc33079210290b266cc27e600cb38aee

      SHA256

      5b8dbdc64a9274ce6aca496625b6b980ab13ad59b5577d296af22419d5f513d5

      SHA512

      78d50a6645cbc49189c34e49cd966d188f6738ed37894d118683f1c1823b2251987996730e9378ff76e6441770b5e5012c082e272e572ccb0ddc4ad4e8b53a0f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      47926c673cdc183055fd6d3016e189b4

      SHA1

      805987391db360aa57eb6511fb26d2df3a8733f5

      SHA256

      697dbc119330d6da26650aa700472a94ae023eaf5ec84eaf261096eaaf620d5e

      SHA512

      7d7fb36523317e1e6d4d2e8e414cc977df5d2ea690f23a4fa6fa42905d9b807bf79123c013dea584c606fdf6309b139238b05841185b8ee5e0a28d635c764ab7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5625ca4b0c89df30d44e791d79514867

      SHA1

      303e3789dcbb540b6bc3181ae148c476f898ea09

      SHA256

      d4e948a53a745f0e1ad28f46053505f07a388066bb238550dd3939db2b1ed3ea

      SHA512

      cd180a11225f883cfff4b98708314eba95040f235566419e3c409f04364879507e91fb24a4e77fba3c69774505bc7846afa3b19daa34cb5a91aa8f864a748dd6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c846e816572cb8288ec78583b8e11334

      SHA1

      a9f2a7e0443f48bea4c5c9d080ec500d20a56e5e

      SHA256

      84c4341cf91e614884b718d925c07a223fb15971cc0dfee37d3aa0dd4047c3ff

      SHA512

      ba63db28e1376a4bf1ae8f1eb51ae96b2e3f024e5720b2e2c3a9da508bbacad100dbef2471e4eba171a8f0264f8b1c7758715eae68289e141db4d1fc1be2fc7a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d1dd937b40a33ec47ee2f13053817391

      SHA1

      9e4c286b50f6037f68acdc29b7fe77d0cb72ea4d

      SHA256

      118050fbba014189f22ba0a00b2745175a8fa7366cf79bd45a03bef9e2b3a5d5

      SHA512

      884df0f37f48a0494c8e2ab437db019401a0e53bba4a1eafc6ea4e37b29f956dc7e11f3814c2b0a684ffece631b9301dd8764a6223f29070fa296e04392d9173

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d8f0625b94a34eb3210317b37a43c88

      SHA1

      81654e7a58122f1cdf20e7b3784aec2428c25af0

      SHA256

      4306e1ce666906640035228f6419f25dd833318ebcf1897573f4d1ac06dc7445

      SHA512

      f2daf7a2b20cde48cb8df6a6594f48340ad45f1259ef0900292c691e8a3cd2ec495e6c6346783f94b4e8aad214c39083547466b59853fe2aaa32d542ab9b875a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      07360ba4bd51743efac089f2a5478d8e

      SHA1

      243238d64a22c0f0e9734d27368b65711155d694

      SHA256

      1dcd40039f2dbad421123cef58fa80a261a4e59fa5159630b04b585f4b870ff6

      SHA512

      165afdf2aa897d27700f069635801fd3180734d4d8aae8ea0333bfecc3e27269857cd58608444b99e0509f11abae6fc722ca20a0063bb8e68ca9cd01144e8fae

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c109a16dd136ae31f3621479e28266e

      SHA1

      557d78cc2134aba7f5a853ed553bdc6ebcf9be2d

      SHA256

      6511dc713c9314750ccaccf27fd731aedf5087bd9add5fca75c50020958423ea

      SHA512

      d3ddfcd595e2fe32aa31fc0c53b2f6385a2dd51654e4197519ef5e3f81dc51ba6865ba71e288852c95863880f6a0e0907faad8ac5bf9559189b856333463c282

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      66c0a48fe6f7bfac6d182ad45d8cbc7d

      SHA1

      91fdb5c6c935902a7f8cc2b44f99eb8d5dbc702e

      SHA256

      6b4d25fc2d5e24af52da53d610c4bc8e3694260df37ceb3f23035769060605fb

      SHA512

      b68575a8b63dea2b60a6b7d72c91844d27c840dbe8e20f7a161b1dfca8a422f4a42fa7e60387dd689af8d1f5f73bb0b5bcdc27d8421f4c1fe0c28e1167473a1c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      13cca81030bcef7ec34731ecc31c9014

      SHA1

      dddb8b9a055db74cfde980c749f580cf84b2f148

      SHA256

      12e861b96a2cc86187e0438df51a11b94e8eacf75ae83b3a8fff6b152ca65eb5

      SHA512

      e0e042d16fbbfcca5a6772da95cd5c855a432eb9627f459eba26fc9137827f12ebe1fe44b35a6487ad109de675c79eb132e15e2e08750d604a7d2182eac94c88

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a9ff4be6d08f14f986236c4a58a2ddd

      SHA1

      3f4511c279d6b764240d26c1c8887f28d829ed9a

      SHA256

      2c3ffa570219c871f8cf3e6a350b51f50caece0b00ffc3d925651f5b24e943af

      SHA512

      08c55eb5ea7163bdbd80c046eb418ad8e12ec175e5ba7fdf309bfb749d78fd3266f27ebb05911606d8d3eca492957b0ec51041530ae42a6fbe4c875dec523eb7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      88c15af9510ec7d859be878349ad287b

      SHA1

      fe944619559c09f467833101cdf9677b2450e93c

      SHA256

      c33b9e2b9e46d4e745bf3a067dda83dbb252be2dc9d3719e2b6aab5f3ff84329

      SHA512

      568b7c8a1ffde98e7935c923e82814d996ad026511a9163f8819ecfc3b6965fe8845301c23e54897e9faec1ade725b95716ae6fed32441a62a98f2504e943306

    • C:\Users\Admin\AppData\Local\Temp\Cab2DC5.tmp
      Filesize

      67KB

      MD5

      2d3dcf90f6c99f47e7593ea250c9e749

      SHA1

      51be82be4a272669983313565b4940d4b1385237

      SHA256

      8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

      SHA512

      9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

    • C:\Users\Admin\AppData\Local\Temp\Tar2E7C.tmp
      Filesize

      160KB

      MD5

      7186ad693b8ad9444401bd9bcd2217c2

      SHA1

      5c28ca10a650f6026b0df4737078fa4197f3bac1

      SHA256

      9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

      SHA512

      135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2900-19-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2900-15-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2900-400-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2900-17-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/2904-8-0x00000000001C0000-0x00000000001CF000-memory.dmp
      Filesize

      60KB

    • memory/2904-7-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB