Analysis

  • max time kernel
    132s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 16:55

General

  • Target

    aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118.html

  • Size

    158KB

  • MD5

    aac63732b923e9dc8f1ed11ce1c84424

  • SHA1

    37fb6b306f4392ab3482167fe1944fcaa968ceea

  • SHA256

    88298737f310db8b6c7f70b541c1316d2df84d6ede23aa4314346239f82be9b7

  • SHA512

    ee0304b52fa2dd4b9a5646128a6789b973239472bfe75eb076d091c9151d1e378a27e9df1a569fdc158a1e15b8737f625051a7915625120d5764f9b300dffad8

  • SSDEEP

    1536:iYRTExUSh/8yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:iS4h8yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1108
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1776
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1384
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2140
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:406542 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2020

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1091ae1dfe3c43e7a49d56a405917408

      SHA1

      359c63ef68eb6d33f486835b09ca78773cd8ae4a

      SHA256

      935a273409ca2ca8fc0ad532d6347d530bf0985298327eb05f8637b67430328a

      SHA512

      2d2d8e36ad5815476356650db3227362747c6ae2024600355fbab53f194fd9f051214e5a48a9808f74a8f939d77452caa5ddabf0a15c5fc316a8382f303d0aa4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      00c0b2706fae61dc4cbc9d2c894dd6da

      SHA1

      22066c131623c1783275988e7312698a728b1f75

      SHA256

      84a40383435006a91d44b4f2c94bcda97b216dde6488ff333bded63d6190db09

      SHA512

      ae769048b09e661f01a90b882bdb1f5050a6a3f6635ac1abc81adde5f19fbc6cd8b1bb0ebdba31d2c6e822453d1f421b60229d1d57a3ae34d2ba8e474691c61d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f16da8f33aee45381d0b1c514f41c294

      SHA1

      14db9fc46cc187731383c1a21f57920ceaaa71d6

      SHA256

      dbc77fc4f291a49e34d1c24efd97144194ed9b4c54e83e407fdfe58923c29825

      SHA512

      a5ef2d2325b5afe85b8a60aafd283bf80573977a519ea13db4498a694759e5ba6007221b08b69d0ef5118596bb1df04e25b85b2ae527eed475f49181ccb14139

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bde19c1ff5067f574d3c1a0a047c0455

      SHA1

      acb089e4798d07d1ef20804f75caf4903f6b55e2

      SHA256

      859a0a1275b365e8e009a2bdd66f33f473e1be5efb127f9939e57e5f8337c220

      SHA512

      d45c9e7fde8ed43157c24636b5bad5d15ba71d5c4bbea7399e0fe672de3f0e62c1f3edf029c007ecbaa10b64b6112f1ff956a096880104ecb8aef3fbec3d2265

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d74b5e622512d534307843031960f5f

      SHA1

      af72ad1c77d97895a5286464b9be75d7b3688f29

      SHA256

      60c5b9bcc178c0ee0ee4a923534d6be06f96f7df7bacd1fa36838c73c449f50b

      SHA512

      25478a50dbdf46718ae34533bc4d883c59595475f2f3f5e508400880b9df82043d8a37a2b0f8b92e9c73ab327c419871d74bbec2512c684c74ddf359cb56af2a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      31042bd1b4fa4cc9bdf3f57524647d1e

      SHA1

      0b4253938e53d1b6aa0cf3941904f02985c8fd41

      SHA256

      d3306aa26d804ba4802b78f6e772a10a70fd7b0b480d89ed14e5c93567a75b6d

      SHA512

      fa7de4508852214eacd60fff022eeecf816297eaf9b331917594f8f2ca412712cf635ef1950279870deb2094f5bd5776c88ee02d4555adc7bec6be10aee7bff1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f396c938df6531a714e16559beaab1b5

      SHA1

      81af8be23519803859ae4ffd429d3a2884082d9b

      SHA256

      8efd8c1768254c6b6818a06e518788a92f5b9a489b61c56c1a803b0406d66fc3

      SHA512

      ba0da4e69393e0915b389e0153e8db888719d0e72c90da2c08ab8c630d95d8832d27b23e03d21053d4a1520b76e804d7cf52d16c968cce1107c34c71780a4405

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1ea0b3e771d25d992a60c951ccb094eb

      SHA1

      3cab04add1694c95a981fa331ec5b44b35378613

      SHA256

      89460d3c5ac40b1011e22b1b0fc007cf6b5c621311d00c9e6b7d6548c336c7f7

      SHA512

      479bacd7674b9980a7366b9a927ee4ea5de6009db576b37c30b150fe945ea48e0bb43cc1275adf79806fbc12279bfe55894689a6ff1573fa3609b75ebdff61e6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      20923a2f27d64b7e66844a3993495dff

      SHA1

      fa606877b3c8d57d167e53fbb8c6711f0b84e0e8

      SHA256

      3e7c6f8c07f78f7e1c6b93e959214197e70111307d1f58544983985701eec32b

      SHA512

      e47ba2b60cf0fec9cb354709736956629bb6e9174318e80d0c64ffcfc686b5b7d2163ca5787119cdff4a114872a778634ef8e01b37264c33deae94055a20de88

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4f4482a2fe86af5d2d1f1708377a1215

      SHA1

      6931e80b0444e76ef56c352530ec97f3fedff265

      SHA256

      c680149b20209d8aa2c25c5e59aac864631506f77ba4e0883fdc43ac6b80b1df

      SHA512

      a8878a9a6dd146cd67a519198cef416ee81cce6cb53051e1fe5f768931d5af86385138b56d2731293996d0f341b626b9fe9f2952cba69b2a882ad8f1dfe0f758

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e15b40f00daba17fe48b16d0ce281f91

      SHA1

      778f38b11f461a550159f80464a58709ee4e0e3a

      SHA256

      fdf1f4569e9030191223547fd6a090ca765777faa2a98c051a72ca291e978c10

      SHA512

      c81062e0694e359c6a434c4a527e181f31ad78204b6bb4c60b1df97c5717f1421fb44eb13abdb4458f63de3bd8a00f785d55cf15f68f9db775d40b4c2c167a55

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9751e89ef5c8fa605add5840fc97330a

      SHA1

      91cdb97ffae13b71e5ce3b18b469f21d8ea01cd5

      SHA256

      1f56b0e22e600c8434b6dd2e80cf479bc5c26982868c711595e52d066f3e2af7

      SHA512

      d1e3a22778967a18eba390fa819ab7b95df0e4dc56c57e900cc3e351161e3b4ca8d3012b9d691598e252f29ed464d9c62238769c777c5c3ad99ca7fb73c2e973

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0cb47869bd3299b583cc52e4e7264590

      SHA1

      936907dbcd73904a4c41b0aee07519df8af79e08

      SHA256

      c4ad221ed44c98bf8fe1d8af002c65f18976616d589436e92e6c1782dafac440

      SHA512

      9ef0f74d83c42a11a88404dad718d8c19ea674badb6b24b0ba83db553d43484b8eb8b83c4833acb7dcdcddea61666e3148d61fee5096f1ce3bcec627402608f7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9ed106b91f884411394b7a909a299386

      SHA1

      989c0757528d831bcd5ff3fc804bf70df6d82baa

      SHA256

      b62328dddd620eb277f0e7c86515d4bc53946c3d06eef7171a760978b512af36

      SHA512

      7f82ecb8ffcf962cfcdf2dce275dcd6e80d12e7576164dfe78e9b88fd77b46bb19ebcc0f7326560411ce73a6a2c5de3f99c0f6e79817f728000bc36546415bbe

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0bd6691f7fccf8fbda10476f2c22e00b

      SHA1

      e20d035a92c38bff6c3d505e38312a6f2578ebb5

      SHA256

      992cc10da8e6d251b0f3284c24e3899b1ddb4e17051a19889af63093deae7fcf

      SHA512

      141ef6373462ac3567415961e43935f28aa7cce368e07781552ef5979e9f9df7496b9f4a6a39eb9383819f75cb5ba08a46688b51a5a8becc8b5ed1e194e6bb84

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      59bfc2593d6fb248ca8edc704107cebb

      SHA1

      fc5e4d82a1f46b394611c22c7fb39ca14cb9b95c

      SHA256

      8cd1c87168c912b4c86b9d6ab65572dc9ce760e398770a727a6af0bc377c1aaa

      SHA512

      635e1066a20237fdf8b57f54afe248bbb6ee35a7203d69fa62e90042fa191d070d3934b8ac2da7092e155bb36e165e39a5674d96dd315d4e8233b9fdece2931a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dbbc1bede47b62ca1398b19d33822e25

      SHA1

      a1f2992a44b21335d6da73677c1abe939a0c72b6

      SHA256

      b0f0349dd81174f06cebb8810bd947fbd726a7539d6f3a46c43077f3508068ca

      SHA512

      c4ba1afc34b0d323b9e22aa0a569116e89a7b45dbf3776cf26166894ae53b1f7bdd4c1b13708266e730affa4027fe299bbd89bf473f17c55fcf4d0ad518c74aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d378fe1df7ab099e3dc36e30ca49b3ff

      SHA1

      dcf84993fe84c389eca9c101ea0bdec0b9518d26

      SHA256

      751cd13f061307307fca8d62fb5ea487ea0270cb82586b8d046b4664b2ce9155

      SHA512

      857dcecd892cc8c909d6f740d2e244b3c991eeb573a04e269dbf4bfd47f69108dbf897e265068dc1c079a68966d46855d483685123e2315838112f4df00f2301

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4a0c407e00543267b5bb428242134eec

      SHA1

      cb0e72d1ae9cfb492b0e610ff18a079c071172db

      SHA256

      5febdc163ebe94abef8997562799ee6f8c95673f7763d0c5e5d39a6d6485074e

      SHA512

      4f19e5affd8be0b62a431d12b4955c21802b232b5b28bf3394b617fab8cb465c557c19f27047cbd02cc99dd9f6e9ea8bb679dfdab7cdfbe1435b252ed767357f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5dfd38fee63a2df3bc3cf67db03c2801

      SHA1

      92c2327da7b63ad8439897196bee2ca21adebc60

      SHA256

      286a3f78899a0c9d139544af5dd7c589962b0fd036d23d817edcff157618df2c

      SHA512

      97785af119734514c660c4e9db70676485300dcacdf1a0d635c6ce15d70225633f17be7a46ce9f8254a2f73213288dc0764944602f224d5393aa626bbb81d17c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2eb119276d540ed880adaf3caea76a04

      SHA1

      71620838cc5f3ef4995fd9ffb203dec7f7f343d1

      SHA256

      83ad41a8d2048fd46ab4769189d22f2d464add42494d24684adbcf4149eae51d

      SHA512

      566d77ed059eb889af663284a8612d3b780beb2d972401a12d48c2a7a40275f672ccc7b57f39ee93310ae6d8008dd04f98ddd478b6dddefadc073cdb8052adc2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      78880c626ec847427d3dbd40ba2e55b3

      SHA1

      bc23c6e8a5bb50abeb9763f90ed112a64e77a552

      SHA256

      44d15cad055a0ec3c8ef437dd565b1d1dcdb669b0281b8eac6f7640926ceac67

      SHA512

      8756c3ad755d4db61b92de77be80a4ba2fa3df4770e95f669e3e774dd590a13c8cf738433a670af4edaa1c4781c5e444f9b2bda203c003236596deb1ea124a14

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c280b5cedc089a1fbc50305b73b658b6

      SHA1

      ffd705dd0f37e3a8167c5fa2d2aa4d6cfc4406f6

      SHA256

      5e7c2f7dd5e29b2f8344a7551a72c1a50f57822d96825d3bc97e1e8c5bb7b628

      SHA512

      826f233a7e499946f07c6058f3d5517c42106fe8249e2e33db90c00497b5a5dddf13941a3f2400ae87494bf462d66d6771856e8e1256ed9c8e2259a823361206

    • C:\Users\Admin\AppData\Local\Temp\Cab6C2D.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar6D2A.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1384-448-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1384-447-0x00000000001E0000-0x00000000001E1000-memory.dmp
      Filesize

      4KB

    • memory/1384-446-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1384-444-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1776-434-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1776-437-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1776-436-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB