Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 20:59

General

  • Target

    a257c606b35310015c61e7d9da2b4216_JaffaCakes118.html

  • Size

    127KB

  • MD5

    a257c606b35310015c61e7d9da2b4216

  • SHA1

    5a61796390e79488c57ca6d7c1cec6d81b8590de

  • SHA256

    687e9b3cfee416a479fa299b627055e4f82d85ea0ba5303cb43212dde910fac4

  • SHA512

    f2bdf0497c69b5195f99a345373b50308f45e9d138599692cb5bf2bc752ef71c4ede69626f89451c3601b151e4993d9a576117fff579e17b3ca9d41a18e36a5a

  • SSDEEP

    1536:SfVxNXyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dW:SBXyfkMY+BES09JXAnyrZalI+YE

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants have included file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a257c606b35310015c61e7d9da2b4216_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2596
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2640
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:209933 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2608

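The process tree above is the classic Ramnit dropper chain: the HTML lure opened in Internet Explorer leads to an executable named svchost.exe running from the user's Temp folder, which drops DesktopLayer.exe under Program Files (x86)\Microsoft, which in turn launches iexplore.exe with no document to open. The following is an added example, not part of the sandbox report, showing how a detection engineer could flag each link of that chain from process-creation events. The event records are constructed from the paths, command lines and PIDs in the tree; the field names (pid, ppid, image, cmdline) loosely follow Sysmon Event ID 1 and are an assumption, not the schema of any particular product. The rule keyed on the DesktopLayer.exe file name is a brittle indicator specific to this family; the masquerading and browser-spawns-Temp-EXE rules generalise to other droppers.

```python
"""Detect the Ramnit dropper chain from Windows process-creation events.

Added example (not code from the sandbox report).  EVENTS is constructed
from the report's process tree; the event field names are an assumption.
"""
import ntpath

# Constructed from the report's Processes section.  PPID 1000 for the first
# iexplore.exe is an assumption (the tree does not show its parent).
EVENTS = [
    {"pid": 1752, "ppid": 1000,
     "image": "C:\\Program Files\\Internet Explorer\\iexplore.exe",
     "cmdline": '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
                'C:\\Users\\Admin\\AppData\\Local\\Temp\\a257c606b35310015c61e7d9da2b4216_JaffaCakes118.html'},
    {"pid": 3008, "ppid": 1752,
     "image": "C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE",
     "cmdline": '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2'},
    {"pid": 2596, "ppid": 3008,
     "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe",
     "cmdline": '"C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe"'},
    {"pid": 2640, "ppid": 2596,
     "image": "C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe",
     "cmdline": '"C:\\Program Files (x86)\\Microsoft\\DesktopLayer.exe"'},
    {"pid": 2580, "ppid": 2640,
     "image": "C:\\Program Files\\Internet Explorer\\iexplore.exe",
     "cmdline": '"C:\\Program Files\\Internet Explorer\\iexplore.exe"'},
    {"pid": 2608, "ppid": 1752,
     "image": "C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE",
     "cmdline": '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:1752 CREDAT:209933 /prefetch:2'},
]

# Directories where the real svchost.exe lives; anything else is masquerading.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
IE_IMAGES = {"iexplore.exe"}
# Parents that legitimately launch an IE process (tab hosts and the shell).
LEGIT_IE_PARENTS = IE_IMAGES | {"explorer.exe"}


def basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def detect(events):
    """Return (pid, rule_name) pairs for every event that matches a rule."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        name = basename(e["image"])
        path = e["image"].lower()
        parent = by_pid.get(e["ppid"])
        pname = basename(parent["image"]) if parent else None

        # Rule 1: svchost.exe executing outside System32/SysWOW64.
        if name == "svchost.exe" and not path.startswith(SYSTEM_DIRS):
            hits.append((e["pid"], "svchost_outside_system32"))
        # Rule 2: a browser process spawned an EXE from the user's Temp folder.
        if pname in IE_IMAGES and "\\appdata\\local\\temp\\" in path and name.endswith(".exe"):
            hits.append((e["pid"], "browser_spawned_temp_exe"))
        # Rule 3: Ramnit's drop location/name (family-specific, brittle).
        if path.endswith("\\microsoft\\desktoplayer.exe"):
            hits.append((e["pid"], "ramnit_desktoplayer"))
        # Rule 4: iexplore.exe launched by something other than IE or the shell,
        # the typical sign of a dropper starting a browser to inject into.
        if name in IE_IMAGES and pname is not None and pname not in LEGIT_IE_PARENTS:
            hits.append((e["pid"], "ie_non_browser_parent"))
    return hits


def ancestry(events, pid):
    """Image names from the root of the recorded tree down to `pid`."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(f"PID {pid}: {rule}  via {' > '.join(ancestry(EVENTS, pid))}")
```

Run against the constructed events, rules 1 and 2 both fire on PID 2596, rule 3 on PID 2640, and rule 4 on the final iexplore.exe (PID 2580); the two IE tab hosts spawned by PID 1752 produce no hits.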
    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      5db9475d326d831d26acdf85d424e593

      SHA1

      dac6f95a4183daf6e302ccf332763123b6cbc620

      SHA256

      5c00f8ae4d452be6f96c12136c4df67f84d28c7d658c3518e29be58e0e40e0df

      SHA512

      6330035cc8ac9a7a109662e5c35b4fb9278d739462c8ff51937d3d2fbfa9e1a4e2f1b68535f4d40c23385c22c33f3818e3a7ca59655f84843a7db8eb2a420f45

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      532d15a47eb3565618e973a6b4c1512b

      SHA1

      0f4f44b8b37c90f3631b796dda0d127e4ed91abb

      SHA256

      71d61b0fdb57162b0e2430b5472f7c695d0b7c011b05dc75af729ef75b7ce323

      SHA512

      9dc29d7aa5d4571735b358e6d0b7ce15411af10126e959726a1140e92bf7d212ff35ad84ecf1dbd7b74e7c93a60361ce848e685e7ba70af600dc00109693a67a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3eb1a36f968c363d826bdf7b104410c2

      SHA1

      80ff7ce770d273ed0cac298d988e4dff7aec2d9f

      SHA256

      b5035cd2cb22de316f88e728a6b884c6030e5cd106238b45f1bf05af6ec311e5

      SHA512

      4202e2b4acd037014b7b52c6de3246ca14b73520425c3171bcd3515b0e62eb3220741ccb0987b9fc2d37dbac2497493bcbac36f8d2c6c39ccb80789e009aa2b7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7666f637f62d4ae825b2560c309ef582

      SHA1

      e5794f7dd67758f8191e361223804aab227cb691

      SHA256

      a1988d536c2b42a138a98caa1cd506553a210f29f28537095ae0200e876b8a54

      SHA512

      cbf74d31396f56e8b2ef54de0fb1b7312ddb3db521bd15efdf520833c223a004565a943d0d326a55eac171dcecc1c115da699801e3e8bc2d0858cb56016aa662

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e57ad2e3ceab4982b3c9c3a281c5fecd

      SHA1

      bcac03f10f145a68d8de552d6f8467ed0b9eb697

      SHA256

      a5c1dc5d2b6d5d5e4411411ee9fe44af43f977e4c0e07eb5165f40fa76f4115f

      SHA512

      663a3584603e330cc1a2a17771ea96b1c80acb686682b928b5f3d1a3070a47341584b3823b5b5c7aecb358fa43b918fce6919f7044bfce7ace139d0730bc492a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0dabe045511774506dde5170dd09fbd4

      SHA1

      7c7a969d67e981ad60679fb7bb2cec42b34c9115

      SHA256

      24772b629fe269c02af204a63b32319e3be9dbad04206209d7039e2cc5437607

      SHA512

      67dd188cde101d9c2d38b3a49c484dbe61df4e2c697e14bb32b53ed8ca6963924e43cd6b056b3a0487410405e8dbea02953701f547030be072a6f48a5db7edb8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7a870414e519ba93287a58bec136f48f

      SHA1

      87675d23bf831891e90400b5d1150b10d278680c

      SHA256

      d73d805fabc1a46f0f8535827adef7751e20f6bc9f3b788d8de66cbda24054ab

      SHA512

      4ca7e8812f71f6c0f3cf7f25819d31375ce7d9b48b228f20209fd2219100979534491af9c597cdc3a0f505eaa1e5404380ed7bdc93b858124b1ae252279a3725

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a2e26983c36d9049bf189a0db514d89c

      SHA1

      61be23f8bf06ed5fbd200f1194aaf91082934926

      SHA256

      62209a57a7583ef3528fdf8043ee14dcb436a5eb3aba1a0cd6d85f91661d0b31

      SHA512

      845445e60d7bf355d645473495ee028479d3a7296041de6d9000420b9fe91022eb47c823297d132b65b40517b834eedb7c209306c53842de13df1396b94af1b2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1cf6dc853ec65837cc87d599b4549769

      SHA1

      93a2c16ffc1cc5df80d9ae72986ae2bd3cb51623

      SHA256

      c566ff13cd742e10055c995133e649df0a15367ead386e16a8582f58b641922a

      SHA512

      0dfb7c4c4de99fe5329c2d54c7afa2ef612ca919c592ba4bf3c4b31d9b24ea7d006b1a6adc06d548dc24ad65fc11f3fe1f8446c3f2939e5c111c04382424ebb5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      728842be58749a54faac258587c08d48

      SHA1

      1309a165b10e7d7fb560be287483ada7ebdfc216

      SHA256

      2efead89643bbb42c2a2ae92dfb8dcbcd8219aa400c3d667bd7dac773d6424e1

      SHA512

      fe9df8b7951761df3ad7463a7d3d69264cd084f5779817ee5301f9d131999bd24fd54e51501b1d58119e65f285fc07cd60b250f0e94e73780f13286410d2e531

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2146c568f4064a3d63cdcdeb65b117df

      SHA1

      bcc2d0d53dea636a60e57715a95695dffa1ac082

      SHA256

      ac1c95efa84ad7f61c45fc0adadd2a303a3295a41aa1e99e1d3286d400beb1ac

      SHA512

      86368b23a0fe4ccf64faa642bdc342830d65adfc7b7655f25e1325a463f93a52355d357c5d8856ae8bed08cb8895977ebc302095cbc41a43bf2beac73360e62a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2e890ce3d1782abb65166956d715cb80

      SHA1

      3cd5a7b7ac8e972c08835044e1486f3e34e7c7b3

      SHA256

      9e74161d186cea1c9f64f7b1bf76e06fbcfe40cc6ef53b0454b3bc3d7a7095c9

      SHA512

      841532b38066c7058799ab5edaf70c93135ffa1d6ca4133506b30388471adf47b67b4e1eb35dc7b6abe6e38f7b61c4cb3f0c0abe1085a9751b104fbb5f7c661d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b99cc0325394ef6705e1321b6ad58205

      SHA1

      a378085791ed2222a94631a4614dda529706ca1d

      SHA256

      ae41fcf6321b29dd338c83f5160d5512d1ca18796e9ab2ebae5439bd8d04e0db

      SHA512

      0c9506ef910ed7690c391244efc9fa8c964c3b400f72dac5837bd857941fa365bef6a7d96adeb401bb70ad7caa01ba98f389766e1921a62db69ed17f24f60572

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2974b8dade93596828d854c3703d7821

      SHA1

      fdef5e1620c6f6030061c61ccd1ee2ec3f097c10

      SHA256

      af5867a086abbbeb83e5872cca6460ea7e7f969f483367afd09e58cd1f0b97dc

      SHA512

      78bfcc844c3507c64ab2608ff3fa2d32c95c99158fd054cb87717ce52d21f68f4bcd8a7c28e1e6fce799e260472136f2395870e02d2a87a18a1dd17096dc2c7b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d941527f504c839395a1526a6ad82972

      SHA1

      0d2d783720b347e7dd6e656d3d2856aaf9458f17

      SHA256

      707342f9c235d92284701fe23bbfc21b5ef90701b681c5c9d4dda7911cff782d

      SHA512

      02e1543f37f4fbeaf428460776fc694fd3db126ae0410b9270b024b7e9824857e405c0e8a62ccb790f20cf4f1193a3177ea60c7b507ab7287b65f68e0cd9f210

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2d1e1a4709a89ab049f42d03d6c322c7

      SHA1

      0218c97234fa3203a83daf8d5bef57f222d7eee5

      SHA256

      8eb00c7390e25689b2779c00f7ff35f0e50ee8e0f7f8fc921a18b6039e40f16d

      SHA512

      cf4561aeb820543b583dfdf67817de7be52279c8cb6555e1005c70b273782481f0f00f0b1ebeacb3d6a570381a8267af54e8e670084744aed2f9b56f0fa03938

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7f1a61118184de8e64943fdfc68f0502

      SHA1

      0880fbcd68fa497fe294fe2aa7c0a102427082b3

      SHA256

      ce8b60074e65ec771e0a1242e655038040e90881765f81513a1233c2c512a093

      SHA512

      80d29d58385eb8fa1184c65429c66fa4d0881260defb4ae59ceadb3dd2c8238db055661a224d21db412e35d12d589978ac2e0fbeabee24ca0023b5171c6a7794

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3435fda868cdc4b5f8a9dfe9501eee94

      SHA1

      1d62cfcfa4cd732ad426bf192db40bc5470d6f67

      SHA256

      31d402bf956a2637cd1b2eb4c1b949dd8f81fb159aa0b127dac25a2c7356028e

      SHA512

      cda2aa82cb0bfa9c0cde1339b8866ef2d30879312064460c8347616bae0f8152d745cb8610a3bae46e6d734bfa6573929edcf0d4c2c24c653a66ab6fbc930888

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a6147e9207de91bd952505ee2b7dc947

      SHA1

      f86c9aaf94868615da61f386c545bb11d8b2a2c2

      SHA256

      9f65e983599174c51b562ffbbec8e886e0fa84808dfaf3b951931f5a32c05b01

      SHA512

      7eca16ee44d531dfe2ee476c956f42edd4abbd1b57ba535ad9d4e5d4f95645149fcaa5782f045403aae68907586889cc009af6f6b7ac35031622bf437061a629

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3e6ee7d41f62bd79277ecea835490283

      SHA1

      f53508d118b5b96bfb6fed5476d0190519b029de

      SHA256

      c1ed1042ddd6d21b7d98d6646fe0181f142bf2650611b52c2c51ab2ad4bc5c35

      SHA512

      3fce7243b76b0f98c6efd2326c019c47c2de8839a30187f61976daf2c5ffec673907d2f68fc521dd4e5d0ea4f36f7796e0c75cb07332de995c2c0c45890812d3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      958e955a867fd8916919743d224a088f

      SHA1

      bda625c6cb1ece47f5d7df5559a097ffd02023c0

      SHA256

      3a7901fd485fc930db6cfd5a391321fb4a2607c3f49efb83799ea6ff48888643

      SHA512

      0e1a963995b3950d7e97e3b35bc4e8590bfebed9ac3b143758342dbde56add045b9d7f2af7e073034b0b2aeea1bf63b184d0825c1752196e5edfd27a6849d0bf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    • C:\Users\Admin\AppData\Local\Temp\Tar327C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2596-7-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2596-8-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/2640-20-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2640-18-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2640-17-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/2640-15-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB