Analysis

  • max time kernel
    132s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 16:40

General

  • Target

    aab88bc3445fac824abb586b86957deb_JaffaCakes118.html

  • Size

    156KB

  • MD5

    aab88bc3445fac824abb586b86957deb

  • SHA1

    ecb616a734f9e1b4d302034a894265d6a7780edf

  • SHA256

    66eca8243781265e4ced48d472a2ea18179cb62fab02fa3fb723442df84bee44

  • SHA512

    39f3f22c353b1954d4dae656d28de8150b401f99866ffa2b7d2ccd91305ae13733c4ecbd139190fc1d38949bc834a042e01aad70e911ea1f25d9c05613603997

  • SSDEEP

    1536:iBRTnSaM99iFgqH/LXTyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:iXnvTyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aab88bc3445fac824abb586b86957deb_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1864
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1988
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:537613 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1784

    Network

    MITRE ATT&CK Matrix ATT&CK v13


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Cab75BE.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar765D.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1864-436-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1864-435-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1988-443-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1988-446-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1988-445-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB