Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 20:30

General

  • Target

    a238958d855b22c9b33ac6a5097febe6_JaffaCakes118.html

  • Size

    155KB

  • MD5

    a238958d855b22c9b33ac6a5097febe6

  • SHA1

    fcf16c56b9980d6e4958c430f5a6da1348d210d2

  • SHA256

    b9cf3ac362dfe6f27d9c4d7dc739d2d6431a9700e9d08cd3bb75f5a397cf40d5

  • SHA512

    e0b4ac1e52a41b1684e988fdfabebca1e25d764fe2aede0d9e6a5f40f14eb8fc46012e4ba8664046f821dedc7b92e61dc06d8bdd3727b30d9060013edc3f3bbc

  • SSDEEP

    1536:imRTXUeB/wt53GNHgyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:iMi5egyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a238958d855b22c9b33ac6a5097febe6_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2744
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:884
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1040
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1304
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:209934 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2820

    Network

    MITRE ATT&CK Matrix ATT&CK v13


    Downloads
