Analysis

  • max time kernel
    133s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 20:39

General

  • Target

    a241f67e4dec7f23e7e791196d92a332_JaffaCakes118.html

  • Size

    159KB

  • MD5

    a241f67e4dec7f23e7e791196d92a332

  • SHA1

    75c2beed18940101b7a98f6458d648438a886e14

  • SHA256

    bb7e878adf16cfe82f59fcaaf1f8629451eecfa5d7593bfa900af63ed28ab527

  • SHA512

    8f6aa12f3e197a859a5bb9cefcaa3bcb8a38f2d75b30999fa47277e6c8bad86f15d097078413a50b8e061298365af57985b1d66edd19ee4188d13cefd21ddaf2

  • SSDEEP

    3072:iacfiNQP6yfkMY+BES09JXAnyrZalI+YQ:iNsQPfsMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a241f67e4dec7f23e7e791196d92a332_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1200
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1960
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1644
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:472080 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2244

Network

MITRE ATT&CK Matrix ATT&CK v13


Downloads

    • memory/1644-492-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/1644-493-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1644-494-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1960-487-0x0000000000240000-0x000000000026E000-memory.dmp
      Filesize

      184KB

    • memory/1960-484-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1960-481-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/1960-480-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB