Analysis

  • max time kernel
    141s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 16:31

General

  • Target

    aab024768471f445f735b089c8917c70_JaffaCakes118.html

  • Size

    156KB

  • MD5

    aab024768471f445f735b089c8917c70

  • SHA1

    73d05993d9b77a237dd9a02655a7986b0cf1e49c

  • SHA256

    18d39e494edafc28099d14234d2e0c5a515a8a4afaa0ad14f4f86eaaa19da1f2

  • SHA512

    4df0456592fff20d3ac08fc6ce0a564c07990a63f7257f39d904fe8a83294916c5e5540cc513002167b6e12f3381e9e8e355530fe38ca25796416215573da42d

  • SSDEEP

    1536:iiRTodJWqq5mP0u9jYyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:iwbqH0aYyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aab024768471f445f735b089c8917c70_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2352
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2176
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1476
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2340
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:406543 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2688

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B


    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B


    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WOXU3MHQ\favicon[1].ico
      Filesize

      4KB


    • C:\Users\Admin\AppData\Local\Temp\Cab57D.tmp
      Filesize

      70KB


    • C:\Users\Admin\AppData\Local\Temp\Tar708.tmp
      Filesize

      181KB


    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB


    • memory/1476-586-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1476-584-0x0000000000250000-0x0000000000251000-memory.dmp
      Filesize

      4KB

    • memory/2176-575-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2176-576-0x00000000001C0000-0x00000000001CF000-memory.dmp
      Filesize

      60KB

    • memory/2176-1195-0x00000000001C0000-0x00000000001CF000-memory.dmp
      Filesize

      60KB