Analysis

  • max time kernel
    136s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 17:11

General

  • Target

    aad7e908b8faaa8784264f42021637a6_JaffaCakes118.html

  • Size

    137KB

  • MD5

    aad7e908b8faaa8784264f42021637a6

  • SHA1

    8291256feca445fb51e53f9e61dc9ccbcde97776

  • SHA256

    e34ff39ef9e955b4e205a0521926aa66c6d044f723158b26f1466473c2f2219c

  • SHA512

    51c8a1c5a2f9f23c3fc6de2c58170b56d40d0a343b701b062c92fd830ad3300f9bc794e71107698de1c4df0a4daa75696f59a6c7cce21721a72db3ce0fd957a4

  • SSDEEP

    1536:SSRHHjdE7+j6w5uI5prJ/lx6lxOi21Wp9Oe1rfcA+TEK/fymLEyLi+rffMxqNisl:SAeJ6wyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aad7e908b8faaa8784264f42021637a6_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1136
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2440
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2368
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:472071 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1392

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1547645d4aa90fef8ebbd76b2c78094a

      SHA1

      a018084ca2989e051adc0f756f501f31dda7c078

      SHA256

      3ebc180a70244dbbd523b6021608ff86a9ee6b9bd42813eea534a7ee87ae245f

      SHA512

      2f8795b6cdc4f63c88206b867a33389fc3ae8ebda9300554cad9ccf626fbe382d935f245f9f06e8f587d27a09d445ffa8212e7549c298000c8bcb23a6d9d2116

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      69442cc0f01b5cfa9fa24197253e7ab2

      SHA1

      4ca7671329e1f19cba656522b10dc00efc3d6dac

      SHA256

      3dfc63eef18592a5a7c1094aa7c606d5e63fabab3d615771dea3c2585d8ac375

      SHA512

      fb70390fc4a46c9f24e0c4ee8e6d639ed31a86795823a1da41b8cc1b01b0f430acd782092b35315520cd98993f7162e3987302ddc8b7f582db8704000793d91a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7eddbfa4fa51b836a619dc0a750e4460

      SHA1

      95eac0b73d30a14fc49192fe74726f7d8dbb7ee6

      SHA256

      7317f68b2999c4350810d7d450ebecbc475957987d2b88323374ad1386418e6b

      SHA512

      ab1d316e7d7ddf46d7de512a0e9bbcb5eaedf9e6841701ee9ee2f361a12358b84d75c25df275ae249a24caf1ca2c1614097485cb7e5cf39871891fb9de9f9a11

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6c5b98c22b95569e15137c121cb18efb

      SHA1

      54bac1fc7596c678e687bb318c831af7fa2b72e3

      SHA256

      a0e369a08b574bf3a213ab0e885284d4f30e25edf99d168df7a261a08dba530b

      SHA512

      5c6e99af60d102a52ace90b8d6773630a8e119a10d1b9c32b60569e17cf01dad31f69e6d7ffd4f6a0591c04884c3c3de6fed72690157aef2e4a33935ea513d29

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      84402c382cb870b479ca7acf62cad651

      SHA1

      4a92aea3f5143c847397cadd4dca675daa0a6a5c

      SHA256

      c81dda6dd2544f4eba7b628a9c5b51b3a8f9de2cfe627b3bcd5a3de81458723c

      SHA512

      2200744dd545d87ba4b193afb81588d109e56735b0c12ae4d082744439a076cf106faf11bde7399844d46691424c0ff56b49975dada196607edd60a73fe0a85b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8e7a6dc6d5280ba8ba7cca8635188372

      SHA1

      a368b57a355a557ac165700fa3d0a31e26747aec

      SHA256

      ae4b2fac299944cc7bc757095afe6ce57f205291ba61925a057f0381d44fd4bf

      SHA512

      1a443576cf21c90974199b0832c0b09b52a4dd58b7605fcc23f3bdbb0b9946888a12f65209d4bcf6f160c05cf26355071d26b8f65fddf96205109d703488500d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f294498198a4cac1b3b2a9d719dc11a5

      SHA1

      85510a18389e29a137ff774072cca6f83350978f

      SHA256

      334896aa418bdf56ee79e7bc89427630566f6993fcdbdf787d92182bc7484ec6

      SHA512

      26ddb6c38b94e3f5a3c0d46dea61e3729a4a0bea4bc9e2d5685fb08194e7070a9f660c12c546715ca046920f62ae8f931bd2b51569b5d93b4b2fedcfa947d35e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6d6ea7400aae06ff4566c6137625d611

      SHA1

      64fb3c968988a6919befe4a9b61a074d651cb6c8

      SHA256

      fe720e2b6975db0f3b2035facff9d25400a85c5a3cbbb80552b252ceaeaa2d38

      SHA512

      e8be5f34078b158616b753b395bcf25d76139c7877fcb69369a1ffb87edfda0006555d2827db0e182c05696722d42dfa75fcbf9d9925d15f85b8b176cc6ca86c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5845a2ea2cf80a29ad7bf4e32ebaeb1d

      SHA1

      0d99810bfdfca4a8a72ba7aa2bec23f7d5c95ad4

      SHA256

      08d57883edb144751e4c2c8d4fe25d9a40480ff1c03a8dc2c5c8edb3b791c3b2

      SHA512

      69c07a6dac125114ce1351d571df950bc42d815e10e14355f41afbfb881ee0e0595a97b0aed72273c9574e248f38653111ca9c2cc291773f6fc58d4b3862a55b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bd29f74fa201f5e0d1d7c9b66215aa75

      SHA1

      8e385ea784e481c3a84be561d018c170a784ed94

      SHA256

      c4b76caa03fed8408f20bf6d01ba8472dafec81856c09e2824626181abe8bce2

      SHA512

      ab37691894df3370d9291987087a7594d19fabe12c95cf4ebbd06502dcc0d4a4bf3c4d18f3e5467ca01bb7c7493c57c3d5471f83e6c1a555fddd706d905855d3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      201b9c37b0f8ef11e8bb9e966c927056

      SHA1

      ce057167d016450978f0dd34709a519f36f47e05

      SHA256

      73dc725eb48ece94d18db0c5b201ebd03dc59a3ed0b1a54ebcde4b3c92b3e05d

      SHA512

      c256cc862e7fb8ae81a11d33b3260138e80799fbc81ec2c2eb129c14903d577e0797acfcebec2cff810c798aaf13a980e1fdf99bb32368e164bc685545ca3d1d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aec178b88f2a4a96713ca569f20cd4e0

      SHA1

      dc2c2cd7fa541f640cba07296bf503649c195b38

      SHA256

      e780c3760ecf1ce414b7db8768991f30f19c0435702209bf243160f7189225a3

      SHA512

      66b359a69b96d647e8f0a4d2ebb483ff7075352cb7d065c64bf114d3105c744c2bb7a61c32f3cf4af59d3ec02ff275252ed71b8fbd23936503459d4346f937cd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d52559a2f07b45183fd0639d919be1a7

      SHA1

      34514a1459086b0586f6fc9303f610cc06a1b61f

      SHA256

      4654c954ab57b5b5674c0215c42e0c77e86ff0a460de6fefa1efed098e5c7be2

      SHA512

      140476a570f496bb9845ccd2a5edd45854b81102c2bb6fa80718f494b63dfea34d6eeb5f367fbc123aa456b5874f5f58694c0a7b56a557c3a16f711baae89a78

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5036c3f576e24b0935ed6509dd6bc372

      SHA1

      29fee5a6730fc41dd0f77620adb5cfa9b6b80060

      SHA256

      d88dad1ddfab59e987f754bbf0a823e158cadd2c559fd09f5cfb9249cd73716a

      SHA512

      777a90172e84bce7138f16150d74e15f68b493310d26d9a4d5655e09ca39b30369cec633687dd95026c7188ab0a01b5c6d7df5f8c830acd1857baaf8ba201376

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f4abf292e14e00dbcb8b2a72821b474

      SHA1

      36993141db8b7a853039e4dcfae92d8d1f0c5370

      SHA256

      1202b2302c7f97aa8065fe54f06306b5a9247b24ae3dcb5b0ae1c729347cda67

      SHA512

      67ecd9999920f3a6058f8cb0e2cacd410c7b8c2d9b0a5177b4dc32d039e4947f9dc12021224c062c3d218c8fa9c4e47248558f79c47548595bfcd9b10267a151

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6c52333e88d03e4559c81feee2a11418

      SHA1

      4644bb1ac5145d289d9f3a62f82292fd1e1c195b

      SHA256

      a52890bb2825c1e59f3ab402c1eb4e835628e32a3881a017f685112efc4e1f18

      SHA512

      4923389df2d81aff217282c0e54d10143ce793c3916721af2f2f827d3c5bba3081b36e7c1798d3c9b5cf78b91dccb93e2c7e57a0ca99a64919b7656b2128bb93

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0b4c31e786ca57e5be978aeaad4f0a61

      SHA1

      ef17d11182dce54621fef993a6e433f260b346a5

      SHA256

      b22884d5fc9a803f0b73691e3661422a9702adfa4c6563ba95b1b866191eae3d

      SHA512

      edf8d1c61c343ab69aa445856be68b9f832de6227c43d289b21740bd02cc9ceede73a22e07df817acff438cadf696533ad2d1da658a37c7ae518228fa14bf6dd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      68710915befb6dc5bc40cf083e07d545

      SHA1

      990329d8ae4d6956f9d9b7db76cc7b6062fd4e30

      SHA256

      1a6f79cca6f2419609343f8661f2b773c68827d53653e53abd44d48a5f22e02d

      SHA512

      4ecbfae8404fc94de63eec39def0b57d2fc52d0a1d8512bfafa429effb137c8d008ec8a6cc6f83dfbc9541ad8d610a9555b7b6f50fe5aa69e1fb4b2957ef149e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4a187b67f4f09f986a3d30e7e193f57c

      SHA1

      66a0a13a45dece3468aed5a8f5aed0353c4a5816

      SHA256

      548555ad5e5314c0f3fdafdcd11a5469a737b2a400029fd635b07659bec6b6b0

      SHA512

      b1ad3d4e4a807d16846204f0dee57343bd78eec6b487dabef59f5ce8f208abe502a108b524f325640f534d8d8c416cb0e07464f02b9f61c6d16beb6f99e35204

    • C:\Users\Admin\AppData\Local\Temp\Cab16EC.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar17BB.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1136-436-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1136-437-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/2440-447-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2440-445-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/2440-443-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB