Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    14-06-2024 22:12

General

  • Target

    abb36dbff4123059f96e8df42d870b92_JaffaCakes118.html

  • Size

    157KB

  • MD5

    abb36dbff4123059f96e8df42d870b92

  • SHA1

    ae292c1a475de4118a806f3fcf758bae7b475ae6

  • SHA256

    f8d5b9bd03e10aafba8ea13ca46f6ac6d1db588ccc96e37c19ff7ee8d1a8d7cd

  • SHA512

    194655ce258c801d2876164d46d797437559778f7434e51b97e6fe4ef9b0440eed1cabe9c938db1e2b4e9ed78af6129dd79d2724b79291c9b8fdb1c4c1af40cb

  • SSDEEP

    1536:i4RTbIye6BORLyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:iyDjORLyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\abb36dbff4123059f96e8df42d870b92_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1152
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:840
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:588
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:537613 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1880

    Downloads

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/840-443-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/840-450-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/840-448-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/840-447-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/840-444-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/840-446-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1152-435-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1152-436-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB