Analysis

  • max time kernel: 120s
  • max time network: 133s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 14-06-2024 16:48

General

  • Target: a70ff0a96df5ee651ecd76fafbf8d261_JaffaCakes118.html
  • Size: 176KB
  • MD5: a70ff0a96df5ee651ecd76fafbf8d261
  • SHA1: 33e5c2fcf94591fde621b703cdbc0cf246933cec
  • SHA256: 8abc263a5b69e66c427b811dbd688d55a521296cb93b456e48f765ec72f8c96f
  • SHA512: 4cf93b0dda57d53c20c61c5938511434c24a4d9153bfa9e2ae86554d7a99f57c36f83cdc06760986cd361987a5a19acfce74dd71e8740f538dcc31bb46c8e436
  • SSDEEP: 3072:S4xyfkMY+BES09JXAnyrZalI+Y5N86QwUdedbFilfO5YFiM:S40sMYod+X3oI+Yn86/U9jFiM

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a70ff0a96df5ee651ecd76fafbf8d261_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2712
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2580
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2972
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:209933 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2508

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

    • C:\Users\Admin\AppData\Local\Temp\CabB212.tmp
      Filesize: 70KB
      MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
      SHA1: 1723be06719828dda65ad804298d0431f6aff976
      SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
      SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarB2C2.tmp
      Filesize: 181KB
      MD5: 4ea6026cf93ec6338144661bf1202cd1
      SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
      SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
      SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize: 83KB
      MD5: c5c99988728c550282ae76270b649ea1
      SHA1: 113e8ff0910f393a41d5e63d43ec3653984c63d6
      SHA256: d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3
      SHA512: 66e45f6fabff097a7997c5d4217408405f17bad11748e835403559b526d2d031490b2b74a5ffcb218fa9621a1c3a3caa197f2e5738ebea00f2cf6161d8d0af0d

    • memory/2580-17-0x0000000000400000-0x0000000000435000-memory.dmp
      Filesize: 212KB

    • memory/2580-18-0x0000000000250000-0x0000000000251000-memory.dmp
      Filesize: 4KB

    • memory/2580-19-0x0000000000400000-0x0000000000435000-memory.dmp
      Filesize: 212KB

    • memory/2712-6-0x0000000000400000-0x0000000000435000-memory.dmp
      Filesize: 212KB

    • memory/2712-10-0x0000000000400000-0x0000000000435000-memory.dmp
      Filesize: 212KB

    • memory/2712-9-0x0000000000400000-0x0000000000435000-memory.dmp
      Filesize: 212KB