Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 21:12

General

  • Target

    a264b92ebb865a4fa82bde098802ba52_JaffaCakes118.html

  • Size

    117KB

  • MD5

    a264b92ebb865a4fa82bde098802ba52

  • SHA1

    fa675c35126ccc5b034704667614b8b8a879fa59

  • SHA256

    4616523601206992c096e8bd1a16ba2bb8f32f07591a64d0eed7c6bcad0436d0

  • SHA512

    338dd70d0a948efbc3cea62e76c19243d41e5abe76d46d070f7cc79db4f5b778183893380f72b6d2cdb88c094768668d2a30fb26ffb72ae352e03281bfec8511

  • SSDEEP

    1536:B6jyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsn:B6jyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a264b92ebb865a4fa82bde098802ba52_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2928
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1632
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2600
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2408
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:209940 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:624

    Downloads

    • memory/1632-63-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize 184KB
    • memory/1632-64-0x00000000001C0000-0x00000000001CF000-memory.dmp
      Filesize 60KB
    • memory/1632-68-0x00000000001D0000-0x00000000001FE000-memory.dmp
      Filesize 184KB
    • memory/2600-74-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize 4KB
    • memory/2600-71-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize 184KB
    • memory/2600-76-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize 184KB
    • memory/2600-73-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize 184KB
    • memory/2600-75-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize 184KB