Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
13-06-2024 10:05
General
-
Target
a4fe9f2cab9146a11b27c5cdf2f8f8a5_JaffaCakes118.html
-
Size
195KB
-
MD5
a4fe9f2cab9146a11b27c5cdf2f8f8a5
-
SHA1
87db65bb3c2654da174816ec4cbe6faa1f964d20
-
SHA256
e5ed2932cfc461ee0891e46bfbc5e95d4eb1876a585304450862d663b1ce3cd9
-
SHA512
2d737a8d4fd9342384cf50bc649240c33b3cc429787ffe284ccfecbddd1d6bc17c9ba96b50f0e8e76ef67e675dfddb6d8267a5e3cd7b54180b6728e8249e92f5
-
SSDEEP
3072:OyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:rsMYod+X3oI+YS1tA8
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: MapViewOfSection 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}4⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4fe9f2cab9146a11b27c5cdf2f8f8a5_JaffaCakes118.html2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:275457 /prefetch:23⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
252B
MD5f9a475785dfa4cbbec115cb697d64187
SHA1f247fecf2e33ba617950283b8887ea1a25d45d25
SHA256a46756844f8154affe30b6b52599e588eab7eb624df77c03ad1c12dfed3bdcc5
SHA51271fc4222d8d0d0a46408f46b83d5b91739c0796b6fad5982efe2a35b28fb1cd013799bd6ea4c41cdfb5767866b479b30e9986120c05fc9c4e2edda76618d24fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD501a9f9104db63a0168de903350755916
SHA15704ae27f8b2c431b57de9bafff3f8c5c7e28563
SHA2561f842e6ea6af315007139ef077ac0f702d55a74629eedd19cd1ae4da5d66ab57
SHA512f359c4dc498d3d98f0adc0ed60b091076b70db7fcb42b5b27137723adccff879536a4404c3006befb3e209cb7f36d3baf3a99e2de50070f156f460cec2c096a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD536e46dc45d2d9eadb88c99a30035afca
SHA1aca24f3f5e59dbe57015b18f375df8434fa8af72
SHA256fa867dd0623a1699a7f6694ee11713f829c1aa6fcdb71f4a76c20caeb3da2c6b
SHA5122c06cf423d5b2470af90e2fc9ccdb5538e01d285a81e37fec2a888fe8b28cf57f843d3342b4e6d13952dbf223d669026d1ec1f05fb23fe2f352679e57bffa1a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD519da146c15b5a5e24dc2200a8e95237b
SHA137134ad411963cd2436e8a140f34f7ba709ed508
SHA2560dd44d6ef3536f1629216e3b2a20b017043a91343bbb07131f18226a994e56f4
SHA5127904c647d6728452009adafd9bdc7830dcda9a6cde7d1c2572903290af18a00e3641c384157b6350746f4f9d1087466cc5be4a344795d99a502e0b4edd4bcf81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5984bfc3bb3543f88c8fa8873cf66ce76
SHA196410fdd2c5e5991a8e677f26ca92e868236aa1f
SHA256f38aa2f3fd327dde30b9997cb903c5fb6ba5cb0cb62eddfadb2ea83493eff861
SHA51236aea5a2f332f2fe96d46524dd3a205d2b049bca7038dbf6972ab18589ff54ce2ca9639120e468f3cf62aff6dbaf44ccd60eff2fafcc3989035db5bd209ab9f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD563eb4160cc8dd249ec0fe5354649be0e
SHA188b04755f89740ef457ae5407bcf727bdac931f5
SHA256086f978b7f27e60913b08d5c9fc505ccccab0303c187ab82dc7f85fefac4eb30
SHA51248985d1ddcfd858d935a0e430bba8d3fc92d45ae572d7c037c6caa1aa477092aed0fe341ffabca10ddc72e8785eea0ad3a8682a0402344446cb529501b2c56f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD56dda5decccbe8d65fde3423373e08c14
SHA1504d307e9160329a2262dfd6c8115fb1c10fc80a
SHA256be016ab831fa43de45cf4130adaad45f3d928f7dc68df1b70871ac5ee780553d
SHA512257f7c9a4aed949454c301dd411f9f8972232a0350b23e4b2cc66bc6d24487b429751f23de505ccfaf0599c5a59825dcd76e7ddc7d944bdb82a0da53cd1f32c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5ddfba8ef25b95302bc5ab7728f6c7736
SHA1fc7e074d983da2033016bbdf179d60fbfdf0fbe7
SHA25620135fe3a21331e754e18cca974c6fa1fde005e25240dcb19670381a8b8b7c0d
SHA51259d99f103cef360c5b47a5123bcf6db56420c2113b23c79707154c8c51e5d9a6ff07a2236d8a7d94141c54134d3151d33dcae54a8929ab8fc7b49fa663ab778d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51ae5ff5abc0b8c063f31cea0b348b326
SHA145cfae0daf75de14ea9e5e2a2d21494c7933f76d
SHA25695c6b16c9a690c09efb0f887884254206e8a4767d6a01c2eb853523d94e5b2cc
SHA5129c855d434f8c3ad15c2997c5177fd5d83679c06104b5a84085727395221e7b9878f680e652b73f21761f5c38d222cc60156565af4e1a27cd09e476cda99220a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c9e2e484867568a68133465061038b68
SHA12ff4871e4032287f97d6f869fbc87e8bfb9c85bf
SHA256f0f94a562009c3e8a66bcce0570b3b4fd9c825e3b98fd7a3b11965523b9ffbf9
SHA512754d92853b4b2a29ee28302b5ab22b5d8ba4a200cfdc30e0569c42ee7a34d1a0d86b625efd87e84309bb55f9fd8c20708dc3578b3ad8ba30c6f5099bef1cc88a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD57c223249b5b545b644b0ecdb5b77dc99
SHA1d52237ba86c80ceb2953b2de5d6e890dbb5c5a54
SHA256a9f27bf08c799104da61d26826e101331ef4064bfda086e0f56367e331212809
SHA5126d3416ee01d47862759226038abe91c03d691f5eb0f58e9c87a42bcd11ef21550885f64fba29f93ac7648002da67f629ca417059bcf1c11888b5bd8be455a383
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c27306145e20d8cefada66552aeb76c9
SHA102aba0fa4533ff30f87f07eb59abaa0315f8f88c
SHA25693f99ad4b76bc8aff5447dbdaffc895739f4dc8a06654c2761f2eb133f240435
SHA512ead459e945b7e2fccad56b455e74157d95e188c043367092c1b8e0dcf1e8fcedd55f380ae12ac7d9684a63d6e20a02f84180fd4571d27dcbaff80966740ded98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5da0eab93cd144d9a874d46d1a82d5a18
SHA14b9b0f878f2f85be82f7ad0ab266cbe635f8fc95
SHA256cf99eab1dbcc9a31300cb60c74d13b64f4dfea4559a095e1142db06b22059c0a
SHA51225be9045b7b5c1bdffd161c5718c3beca93f9326e7c2a289f03f21204e5aff498fbf47f56c86f78f584f67ed8e94f1b0d626d2c2e69582cee8c2806a1d1b401b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD505df93dcde8098ffb7b3429c58675ae7
SHA199b13a4cd8371d636f89a7db83f23241bda1d21b
SHA2567fe38b0b5967ba0c6e98fc251e1814ded3a37c5808caf1900ba1bb8967dffb82
SHA51281b7e97a8df125d6c8bd135752230a450369c388e8b832b428f3261f45729b138bd71e2a75645abe61df7c95b058e493619e9cb60f671b847449acd73567ef2e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e3f9182b53d1a6b954e1e0f55cfe51db
SHA1c2d1cb7168f12939fde28127df0d35179e89c93b
SHA256ca5678d5d6ccd7df383dc3ff1351956549cdb90c49dc61fff7f262bb1f610ab2
SHA512e2caec42c5932932c9836a6d939847bf3b2762f4f6a96fe2a4e905e3282261fe7035782a70429f29a473fff79674b101a6c304999a54285cfb88f05819d3c373
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5357fbca995f2ba8b8a982b20224b6f1c
SHA1ac3a8d39f033db8a3b5955e2b27d12305e4aa421
SHA25605183c33e81af189777f32a7067fb29eb8606717c8666258b237f9efa923046b
SHA512a782ff865b95c331a0f7bf78b353e9835eaa24edfe69c88e8df5e24228252692e803a20f6bece6d6f2f160fe1fa38acf8f124f7c434f9bb34f8c5f94c03e5893
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD57222814e99f18493594fcce839b1e868
SHA16f28bfe3e90d807052fb368f559c2450c544dccb
SHA25680fe52aa9114479818da9505957b3734cc116a3c367435ddd18e860a0356d468
SHA512e021d670237ff9c0e061535b77f1e172aa614e036b93f9a3698a1cd356309027c04645a224227330df19ab60496af98f728321652b725e4a8f95a9c836722a81
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD523474a0c58338e99875da5dfff17256d
SHA11eef023e052eee605c07732013f227142b10f6af
SHA2563d786441b8731e2310adea1b719c457a4914512509996dcb93b0c940f4452810
SHA512dea8f847cbd586a0c1c5e042ca96fd61257d193ccb6035ebd7e52c49728a3afbb7a806094a1c253012214b0db87befd96cc14e293812653f3156313498f7e7a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD57e2b6a5791cc953b899da8cdc0e30152
SHA1a18382aaebc00cb8d7d182f032f4a0a8eb81aca2
SHA2560e49cd6fd8f21a0229e2b1ae3ec69e65f28e86886f3467d8faffd98046af75aa
SHA5121ef595588aaf08160e3622a95eabb4781a32320d31b2fbb0d163fb6a492ca35d3dc00d5228afc5c40b1ca3a5376dd30be021786b461673a5eaf6ee0d1069bcaf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD52f9c822171b8b90f23f0994a9d13ddad
SHA12acd50e878249d8540ef4173abff345f85af1c94
SHA256d07c99847902293efb4d78d15c24f371cd50254d2649b4c0c2437867f006fb32
SHA512e624bef7b93f88f9449982eca5b0b67c63082af168a9aa4ea901d5344a7e8262ea1359fdbb575d905e187834479925bc29dae4cb6e9196580b05afd2cd25821f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5064d0851879c6a8a4d2e36f2b03e9f6d
SHA11345f3a0aaec4a119e9ace76d06d79a2553d0183
SHA256c9a42366a339da187bac37da804770440efa190e0c05d19a7b46cf33ff2456e9
SHA512ac8ecae945a1b501fd9dc59fd042471b5b98171de8025a19ee3e713e95937ec1a8e7397f4c4ab4b21c86e5ce20150f1693962ff7f55f2baa753f2d8c141b8eea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD504874ed8dbc7aadcccc6dc258b6abda3
SHA111a14fa019717aea071ee6409ed744e2cfff2171
SHA256136cdd4d4657ee44c05335d55480cbea6c090f8b719a1c30c2e71f8df955655c
SHA5121bb75a06c93ff861e7cb5a4c3fa06999d62e3f52c634076045575fc5f87f8ee19ccb48fdb48fb82417247d6c6f3cff45723c00b3162732efdb78557f0b17169b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
242B
MD56f0e9bc544707b8e23ca1a40ac1a6ff1
SHA11f4352eca6519305074aa3740140af910f2786ce
SHA256064fa366e038cb479f827009a046ee6e14d493b2d11fc5bdd91aec448cf2acf2
SHA5129506cbc4880b1e34d92f4e6754643b02b4a9fb84f80fe833474463bd716790a934de47b29dca610a5118193ea6fe02c7fd2a5d11d6db0446737512d19b353680
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoFilesize
4KB
MD5da597791be3b6e732f0bc8b20e38ee62
SHA11125c45d285c360542027d7554a5c442288974de
SHA2565b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
C:\Users\Admin\AppData\Local\Temp\Tar2820.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
C:\Users\Admin\AppData\Local\Temp\svchost.exeFilesize
84KB
MD5df455f0fa8fb3fa4e6699ad57ef54db6
SHA151a06248c251d614d3a81ac9d842ba807204d17c
SHA25615068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
SHA512f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6
-
memory/2600-9-0x000000007798F000-0x0000000077990000-memory.dmpFilesize
4KB
-
memory/2600-6-0x0000000000400000-0x0000000000436000-memory.dmpFilesize
216KB
-
memory/2600-11-0x0000000000240000-0x000000000024F000-memory.dmpFilesize
60KB
-
memory/2600-10-0x0000000077990000-0x0000000077991000-memory.dmpFilesize
4KB
-
memory/2600-12-0x0000000000400000-0x0000000000436000-memory.dmpFilesize
216KB