Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 21:45

General

  • Target

    ab9ab1973395c886b5ff706df7d1eb7c_JaffaCakes118.html

  • Size

    186KB

  • MD5

    ab9ab1973395c886b5ff706df7d1eb7c

  • SHA1

    99ba33f19edd3c574834c6d535c5837e5dfecaa2

  • SHA256

    ed1867e8b770fd53dbac6586770c0de0640a192d18869978c7db4388c917f007

  • SHA512

    c277afa5b957ef2a7947db68b3ae0971bb9829c56e45dc7054e60caa0f3c7fe2ce2e9b50efbfcb923c721f6afcfad054ea47caa8ed90d3e79585132c22eb6b6c

  • SSDEEP

    3072:tyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:4sMYod+X3oI+YS1tA8

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
    PID:384
    • C:\Windows\system32\services.exe
      C:\Windows\system32\services.exe
      2⤵
      PID:480
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        3⤵
        PID:588
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          4⤵
          PID:2012
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k RPCSS
        3⤵
        PID:656
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        3⤵
        PID:736
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        3⤵
        PID:812
        • C:\Windows\system32\Dwm.exe
          "C:\Windows\system32\Dwm.exe"
          4⤵
          PID:1304
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k netsvcs
        3⤵
        PID:840
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalService
        3⤵
        PID:992
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k NetworkService
        3⤵
        PID:296
      • C:\Windows\System32\spoolsv.exe
        C:\Windows\System32\spoolsv.exe
        3⤵
        PID:1020
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        3⤵
        PID:556
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        3⤵
        PID:1224
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        3⤵
        PID:1620
      • C:\Windows\system32\sppsvc.exe
        C:\Windows\system32\sppsvc.exe
        3⤵
        PID:2348
    • C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsass.exe
      2⤵
      PID:488
    • C:\Windows\system32\lsm.exe
      C:\Windows\system32\lsm.exe
      2⤵
      PID:496
  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
    PID:392
  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
    PID:432
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:1348
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab9ab1973395c886b5ff706df7d1eb7c_JaffaCakes118.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
        3⤵
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2616
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2648

Downloads

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize

    84KB

    MD5

    df455f0fa8fb3fa4e6699ad57ef54db6

    SHA1

    51a06248c251d614d3a81ac9d842ba807204d17c

    SHA256

    15068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1

    SHA512

    f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6

  • memory/2648-6-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize

    216KB

  • memory/2648-11-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize

    216KB

  • memory/2648-10-0x0000000000280000-0x000000000028F000-memory.dmp
    Filesize

    60KB

  • memory/2648-9-0x0000000077070000-0x0000000077071000-memory.dmp
    Filesize

    4KB

  • memory/2648-8-0x000000007706F000-0x0000000077070000-memory.dmp
    Filesize

    4KB