Analysis

  • max time kernel
    134s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 21:59

General

  • Target

    aba71e32e2d7da26bf2a745a2bec114f_JaffaCakes118.html

  • Size

    158KB

  • MD5

    aba71e32e2d7da26bf2a745a2bec114f

  • SHA1

    ab077454a315c7de8768b5d965dd3db81de4d119

  • SHA256

    9e9ce7abc39c128f40599ae8537112e66d1b9504a9de3eb10b6b9936b5871015

  • SHA512

    b257b1d9a2320afd1bfb19e2352cbeac5407873ea81f2df2f09d22465b0291c84ecdce0cfd119187d98ef70e6826690c0729ca05a9aca217f2497e30bda3e548

  • SSDEEP

    1536:iLRTJprjTe+ZKyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:ilJheaKyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aba71e32e2d7da26bf2a745a2bec114f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:764
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:560
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2380
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275477 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2384

    Network

    MITRE ATT&CK Matrix (ATT&CK v13)

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d3ce68017deb93b2a239c45089b02bdb

      SHA1

      9395a3d893c4c004a87b6a13e98abbb65bafe62f

      SHA256

      a3d3b965211a2a257b3565d76abd8cc114883381e5bf333c9091a6bdc447fa90

      SHA512

      05717e7b6c99f0a0dc98b0de499c59718e6cd1a1ecc330805f0ffedd3e1ed4a8a1dc35b6e899ea209d7cd8ceb87ebcb3000f0e24b1b7c602e5218080841cf9b5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8426788b86eb6dc9536750b0dbf099e6

      SHA1

      ec3175253e3f5a63ee7ec1bcf95ac775cd6bedd1

      SHA256

      500dc69bacec4022aae8b55daa9521b4a573e02b9273b3fa981163118239345d

      SHA512

      fc22d1a102b4fbdb4a7038dc83b11ff6e70aaebaa4e67662f2eb3f4675417f6f19b2ad6e0c92c3dcdb844e371a276363bb36fc38cc4203d5c72ba6e8585712e2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a7ce71ee2120c1cac337655012f5bdf5

      SHA1

      135c8ad778dc0f2f27edfad5ea2dc007f4899998

      SHA256

      f1b115178a42c6b56db81bbf1b7e02b87abc9ea37a5876bddd4cc76042388ec1

      SHA512

      2a5540958dfb15c088b959a20874cf81fc6c6456fe8d7ed20b66a57aa5a6e02e1386820a81b30984d3738ab61908dce4adbd5dd25f65a075bf252e7b6b3f545f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6168c4cf8c28a5677b210742c5de1844

      SHA1

      db163d818e3b7aa0e574e59ff02abdde43c0d5fd

      SHA256

      e4b0d865952fe32bfe519f0f06dee394a2cad7e3b7d83603a4e426cc3c7baab2

      SHA512

      090e105f47d837dfa8add0af236c5cc896eea95080e265447e05bb51c20c98a8b2ef3d64b7e59042140cd806dcede48153f0b10a5487818390465249888f40e9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0c0be4ec0508a76e7d6dd110e4920878

      SHA1

      f5149d5833068e7704e9bb63b8e20c96abd494b5

      SHA256

      d40c19fec1c065d89b8385ef17e2c106aa5f4dcda7db369d44d025ea3c29da16

      SHA512

      d017c9db9e0b9d16cba078758f1659c5fe725963aab1861f7366168cbc0610e4fd3b062120b6b0290cda7f3238220fcc5ab7c989784298d6ecd9994dc59ec9d4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f4bf76abfa0a08c3d92bfaf0cd5da870

      SHA1

      1bed6e7ceba9b3bc8dcbf0b44338c1cbb0874717

      SHA256

      7d70e8cd31c1f5e514351681822ce3c1b5e42d6d4a59f7f77aeb8d0e30e21609

      SHA512

      57088407cf8a320d8f5e4b74471b4adb0b81486faa7fb06999cef0f6e8484d6a88c3df8801e40a2bec820aaa814ca4c7cabf2baa26afcbf310a224ad77fb25b9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93655d8e466489e0e884a7be8760a2fa

      SHA1

      82d668fe87d8b396ddcd4e209cbd875e33a23e64

      SHA256

      7a850c993b288a2a125e8b35aa8172c88f34d2760dc8548e1295994285bce8d2

      SHA512

      ba8c968e24f095ded43ff3c38a9c42c4b65814c1ae248886a32f2e114b96835b9e6fc46c2b279b79c1859041115364de47a7a233d4708184e6fe02d516f4fb94

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80c0ff81730e652d624376c18b1cca5e

      SHA1

      4b32a44b3f8d936b150661cea7540250ae6d33bd

      SHA256

      9209b59f0f4381041fbc6cce2dcfc25b6be19c4b9460c953b5da29b41bb3d984

      SHA512

      895ebe9764ca5bbb143ef799743c535c158817fd13ddf99bd0eea69a8b8785d6c75c76498ae743943e473e0228e4f8e8f8aefd77b358c8e4ea208872aa13f407

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e78c4cc0c596f420c65df9d0acea0ad2

      SHA1

      d8e4d3a5fd04c03da80d140e08b9ec222cce8175

      SHA256

      787ee1b471ec602c6968a99378b252ea3fe3064f892f4499dcea49d97aaedacd

      SHA512

      ab5b18ae6b34625125c8c517a69af807bf3511869aea2b6166daa0ca4ea4707c5ae5ba8ebb4dbd44dc7c5aa8981b96525dc2aa771d743b292e50da6cbbfd4680

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ec19430c1655739941573430b16210b9

      SHA1

      793a3a3ecfb2612d9b3ebc514d9d2e316bcd69f1

      SHA256

      527370556cfaccc89d0c795e8ef6d582c382a9dbe4390f7820e466abcb74fe8f

      SHA512

      e31fef379c3f157c4ca68b90a2ee7372a34b2e14470481bc679d0c9bd8b16fdce1a0c07ff6318342e30447d807f072e4429ada2b7413755971c7bc76f2e022aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9463a7a34ea18ebb1ccb125a815d19d3

      SHA1

      9e6924095373a055296111bc40882ee25f04f41e

      SHA256

      fa4fdf25133d1f7b4d49161eafa106b22071a14fff571ed0df9cb2d096fd2f74

      SHA512

      a9d882534338088fe93cd8c067f4feae5d80bb96801b8c98512a5bacc36da0bf850282cc5efbac9262ae539bb75b2f84f2915a59c32302301ca1dee62c5661f3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b695ee4f5e532d9dfa4584b8217a1341

      SHA1

      714effbb23d182fb42dad93039aa2a17cbfa3548

      SHA256

      2140194f9593589427f659f033cf7b623910395cea3dc6cdd3d34838e1ef68f0

      SHA512

      b7f7a5e378595c579f0cf35c90b10f5c48694172c6720e37d75557d0940f24b6dc029e39e9a9f35a0f9127252db7cbb568e9521061c6162271f68ecdc98965fd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a6c9d3bda9defdab31f2576f71b0aa5

      SHA1

      f95d3f2d1a66935c89aa5f65894bb02567b2102b

      SHA256

      b8168c630314bd32f6117014f4e12751c1224b545707517966d5ac338251d0a6

      SHA512

      d75337cb4cc39cfa69bf07c5d1d9304b756e2dcb18d91efce9339dc7837f68cfe1a40dcdb35f782eed20b68e0eaa9c9c1a1316da731c76fe528217efa5c4208f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c39ad65e4cdeb40daca332d16ee1211a

      SHA1

      2d6cd3891fa696e3a5bd293e518ce392d47ef4c1

      SHA256

      8192129263e099ec034016ae4e9f0f9f5e09287f3133ad710d61659b1524e47e

      SHA512

      1fca352936da382df33d92a633517c18b0855fb297cc5432e5276b05403c634254bfac0fb5c131afe9da396d50a746074280793878d86a3e4e458ebb5c7d9ac2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2fa860371afe1e42215d2c8aacb22045

      SHA1

      8b08bb01929199eb5ded7743d9ab0aed69334e08

      SHA256

      88008f07c45e3d434cb44270bcf69a94a6bb14d13b288b3cd19303c91f6d828c

      SHA512

      0471e7fc7200d19abf0ed2892d89f4f7e8c2d6389d95ff9f494a18adafc7d97f61db064107c81325112f677ec282566bf4254023ad3405db1994614702709aa3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aa8193bbe14ed296225688bfcfa395a8

      SHA1

      35617ede770d8ee26da10dcaafebbb7823f2c54c

      SHA256

      f1af1f6ac02aa265db5f1a9b4389b991057b7135a653d45d2840f6645a7c9641

      SHA512

      559e6342318e62ac74ed36679617f48295ab2a41a99f096d131b300a458606ffc21bd60693accdb8569ca8f5c91ca7ec31e23fc312f39f57a8ed7cebb3f5ee47

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b52d06881a73aaf6dfdd1e6db73a3c51

      SHA1

      57bc57c552c6edd253d6aaa11f6f76f578d678fe

      SHA256

      b0823e8004840389e0c1fc8a73dd78bc84e918f536cf9016f51a201a7f647e09

      SHA512

      0f1d3d0d698fb24ee60505692f493548f7be50d9473601b24ae2a026d71282eb2299cda17b046fcafd988717ed47425ddbdbafab8952deac2df879d2fbd9b214

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c6a017f3a9b409b0c1c4e197bb577f1d

      SHA1

      562a9000ff38b738aaf4e8fbe0f32d4c2912e27a

      SHA256

      ba8b527fe2ebbf70036010dd8c55ef0017ed6e1bd3ad48625907610db3c5c0a2

      SHA512

      3f45f3e62e5be2bdf89a36734076306df4bbe043aa738e0df346fc2ea4c43262ce63371504a0a110d7d6b1799dd86e14c4d4479d7b5927596346cfccc040b8e6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0778738f61402fe46138d5ee7c485d3c

      SHA1

      096b818ffbfd7ddc1595c892b9255cef4aa0d8b2

      SHA256

      3cfca2b0b0cfe1f7ede03d2d7241044472f153bb12864c6dc6db7678fc54c87f

      SHA512

      49a6c66d14146a5abb776e85cc6e018f1c6a9ffb428bbee25d7c708bcaea47a984f11b86ced78b343014961a10fcd8d196a3dc9aaed1c21dfc85097867b42d67

    • C:\Users\Admin\AppData\Local\Temp\Cab53AE.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar542D.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/560-450-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/560-449-0x0000000000250000-0x0000000000251000-memory.dmp
      Filesize

      4KB

    • memory/560-448-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/560-446-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/560-445-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/764-444-0x0000000000240000-0x000000000026E000-memory.dmp
      Filesize

      184KB

    • memory/764-437-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/764-438-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/764-434-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB