Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    12-06-2024 20:47

General

  • Target

    a24b7b3da8cc38522109eb1e6c691b99_JaffaCakes118.html

  • Size

    146KB

  • MD5

    a24b7b3da8cc38522109eb1e6c691b99

  • SHA1

    8ce4fb9f370595d9173a2b8dc130029e5c7baf13

  • SHA256

    0db7e6fb5b0a8853be5418accecb105b2be237720fecbff1f2b85b089da21a3d

  • SHA512

    7f48b8458bac6bed418c2c6e2c5db75f3e2276c3f6f910ab016a3a3fcf2b11fad270b8464fb9900a8cecdbc42fc465df4be23fa8ae1781f193d96c837478a822

  • SSDEEP

    1536:Smg6+SlCyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:S3ECyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a24b7b3da8cc38522109eb1e6c691b99_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2064
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:5911555 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2708

    Network

    MITRE ATT&CK Matrix (ATT&CK v13)

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      90e041a2fb11aec041f22be6605ec837

      SHA1

      f7bdbd2e22fe87914c28b0223379840b8041d5f2

      SHA256

      9d3ab8a83e618e7d65ea30bb0437ac687ed4934c956acfc76963a947982735ce

      SHA512

      19bbd460bc1caa324f0efecb03d1b601a8e0da9eae77a096a397d72a87f98a4efe570838788a956e942435f564dcd6cb7887b947e01ce88c3eb6d9287869656d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cd9ff0caced9d74ddbcdbbc05bbdcd00

      SHA1

      2a206e541945e07d14e0bb7f62e404e5a8ba9b92

      SHA256

      be27c52a4bbea57be56d0fd5098e61e680f60a3006df56e61e0afcd2c84079b7

      SHA512

      6f1639902bfd0486c597012124d36eb8b47c57c481a6111c31abca898e9785fb10966e22635237d9029b29d7e5a3922bcf8a77aba04d6294d3daf36dbe6f5e76

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c9df9c1d222d94e5f402db1de39135d3

      SHA1

      d41816156a2d37d2ed0b8e79187d706914f01704

      SHA256

      0edec6a327f522b2c9fadf12b672f34e1454a62a49ba5507e5eb82163defff42

      SHA512

      29b89683b66f0a671d292bafb4a3813da0ba9aaea627927461e51948e79be8ed5a53fe759a36f3e6cb79b1d90affd340677cb0bc5b76f2ecc30503251e9dae66

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      569d47a18c3f83aa805a873b1e0dc5d6

      SHA1

      b04826509b9ad3be89a14d263f3a373d7daf2d10

      SHA256

      9d9387477b0176ead0b7d1e2aa6a29b01c03e26cc991e2655f449b486338cee5

      SHA512

      4b321c877ae87b8aeaf218cff2d9fdfe3c34c5ff101db326796e8ac8339cc94b26ccaf62e491e9deaae5b98dc8199a6d52a8fc5a2261145ce19f921b4570389b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3e244477c3255499d00a3977c09cd83a

      SHA1

      188ff8754fa082f26bd7e8854a18b7c698382f52

      SHA256

      5b72f3cf4183babaa6ad111462532cf3c01d52caf426b6ef5a3d2f2f55901cc6

      SHA512

      c90d2474faaa06b3c9ff6fdfc99659a05a3583a3ca677f2877758dba1a7165b1f74584c01d66696ad2c8476238dee259cf02d5e8db316022755013a8f0676aec

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      556b7c3d1b2478bc3e8e6174468b5bd3

      SHA1

      c4a142f0237baa0c472655d555895eee4fa85bd2

      SHA256

      8a03f0e27e074d3523e0bb3e2b23870137aeb7939fcf11408e2e050005afa35c

      SHA512

      e245d1ef898454982ba93a6ae44953e6ee8a5ecc866d63bba8ba4d97c9af66459da5811d6a46c284b1cc739a619ab0dde709a01d642609d51b5174c70c6b4c0b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      14b498aceb18b3aca33e63c07a6d73cd

      SHA1

      ee0d345cb601e08d4839f1a428384b8f8fc4861d

      SHA256

      883bbe3803b8b9509703340a095b0daf6c04e9f40fd306e67a7f00569a4845bf

      SHA512

      eb5d004849e5b95fecf1b897e21a6e38eddf99411d6aac451672a374b5143b586e9783a24be43e2f43f9aad95ed11edc9124b1f09af98e280f2be51c46e44821

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2bce65516199eb673250cfdf103f7918

      SHA1

      bd0cac7739539aad8fffbceeef9bcae60275159f

      SHA256

      5799c03288c1837f0f1eca73ec41318b8fea0cc2c01f1c397e5d2c5c6e852528

      SHA512

      03337881cf2104b2822e284791e3eb89a3996cd605f4189af2aef49fd342444659667e90f8ae91e7eaea08eafa38d4d4f39d0a3f5546648a9aebe85b9cb5976f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      86b52d2642a63173b05db957dc947064

      SHA1

      d71f7998270df000f1c63483e73e2ff17119ee6b

      SHA256

      c3122847778151ba49f32317cd6bee1a9f20e6ec734a90c1ee1a1ee3eadc787e

      SHA512

      d129d6d1740791f6011330d748b283887136f421c08f3131c228a49bf7bf113da0dd6181f83a05684db2245f9da997192be6b84541e0daa84a9ce724aa81b18c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5e70021574ca8826be95021b6e85bd57

      SHA1

      c6fc4f780b041051db3f417a13c7ed63b083308a

      SHA256

      160251c3badcd1f9fb3a9a751fe1bdfa08783b56dac77f767afeeba484c05167

      SHA512

      db0241c58afa3b8093e9c6a3bd488520daed27497ce45da06e711c7037110b1c021e1df8cbbec707cb73ca4af3cac94138efb7201b3b49d74b959879180dee1d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b727167e909c48e7705b4c4755109092

      SHA1

      4ea7db64dc5c1bf5f7ee515143c46c0bb377fd08

      SHA256

      ba8d087fc7b9fe5232e7feb276bf220e22141b9184744a2a154450afa8e32c1e

      SHA512

      acaa27db0c2da16495c0684411c549a9d1137ccaa6f8d58d2e94d184fc3e96629a3e27365e2767577c60c427d5a60b1cc9250ef4178bc40013ea4ce47be77ef4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c77f5c58b53432eff51abf072d0ff895

      SHA1

      78194a0b787043a6f31bc18e955595cdb173c3b0

      SHA256

      3b09d6c50a6068d7fcb4894d721e75855676979fd2264a438491d187fcdd3f10

      SHA512

      e8f6fe7615b93070450cde5fd3945b84b4f0acf482e672a76eb2cc8b1260681a40c1a6e599c5975f75b966a4abf2e348f7bed1121989ffd0d3f798c3d0c1742e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      06537635a20d6e2f4f34d13d01778261

      SHA1

      98270e0da8c6b40f6e4fe649272ade11505799bc

      SHA256

      efa73deb05f21c9af174ca7bd25a8ae3df9948dc7f28eba66566686de51f1542

      SHA512

      dbbd2272c8d74d6b05f8f0b9b223d7e3b2c21ff835b77889e11eb167e71ff2dddfd5decbc0cadc3f16eb12da2d657d38f3564f7a514c656c61018b59630253d2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      072758c72b879e72086b97c3d5eb6636

      SHA1

      167392fd17eea85c35de1ee700456b5365dd06d3

      SHA256

      9167e86e6b25e9a872c92108063070a697d1b1f7eb24874a71211dd652806004

      SHA512

      4ecfa46f76a64b338c27e2351c7911c8801cf743997b9315e04414280b72aa0c01e0d29dc8418d6c36bef115f787e21d87543a4095e9a4108619d6bed0d54d1f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cab3ab6ca76834d5d76ad8411a6133d4

      SHA1

      2bebd9de209c5857de4e796a0672f2813501e747

      SHA256

      e9007e0957933fcd077180f84056ba641f64ba3985a5de732c6c21863d4ae1c0

      SHA512

      126a6a192112496a8aa41952e2e8ec87ba181a5b3f46901a1e7040590751db4ec279ac810679518f9d50006d40bd511c72b42937b8fa11d89382dbf98149f6d5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d105abe74d6a27dbe411b2a323ab86b1

      SHA1

      a6174730034f299eb20117e175d8e3d9bca0dc20

      SHA256

      5274ab8f6ff1c1eda980b252aa40d27ae29a4984071729b33640c0395e997997

      SHA512

      258d1689707ef394b523a9d67a8bde7d352191f661267fe6ec02cd90f2ee6760f29d54dd1124cc108d95fe53a59af8b8a10bd7998e47ae61310fc413bec804fd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      980f721e01f86a5f355d1ff881013127

      SHA1

      192112b75e0ab36f89e9897821b76313a1685961

      SHA256

      55244ad5bc3d74fa8920203cf0b6368d8aea44dd407159621792da9b96b7a742

      SHA512

      8d518608240c5a5839cd1b767bbe76b1e14067e15ca9c5d3b9a860c77f2d9e06aa0769ba428ee8574d885e6769a413fa8f773b53a0b1f3ee8570f8b896690acd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      15c38014084851cd61418c5fa19a49a5

      SHA1

      46d442c2d8184be7aece9106c53433bf40431be0

      SHA256

      5e96e33567b91a9daf9549890c8cea29ea1754f9432bbcd4ad90dab4ce8bf00f

      SHA512

      18319d275b453263c9917d6e515c516f2b81f2f776d0a86d3c2be0b6f0bf6c43177be5a30ef0bad1f115d658d4fd024fb00de0aad32ec89e7fcf182373a4936b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d31d74eddd9c65e6c0cb4ae4d9b09a47

      SHA1

      13dc32ccb6496e2caa94573654341d9f97059961

      SHA256

      52ee6a48727d5a2d69091dcd62f5fdefaf42387eb7b6ea393ff5f1514c876060

      SHA512

      27ad2c0f2a562a594b09a5f153203c398aaa791c85dde1a1209e8dad8ed45f561985cbef4e96d4469d23eb47d42d593564061964722ba940799306aa4cb06d25

    • C:\Users\Admin\AppData\Local\Temp\Cab285B.tmp
      Filesize

      67KB

      MD5

      2d3dcf90f6c99f47e7593ea250c9e749

      SHA1

      51be82be4a272669983313565b4940d4b1385237

      SHA256

      8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

      SHA512

      9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

    • C:\Users\Admin\AppData\Local\Temp\Tar292D.tmp
      Filesize

      160KB

      MD5

      7186ad693b8ad9444401bd9bcd2217c2

      SHA1

      5c28ca10a650f6026b0df4737078fa4197f3bac1

      SHA256

      9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

      SHA512

      135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2064-19-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2064-17-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/2728-6-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2728-9-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2728-8-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB