Analysis

  • max time kernel
    139s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 18:20

General

  • Target

    ab1b711e1a8270f523c9502def63ca36_JaffaCakes118.html

  • Size

    155KB

  • MD5

    ab1b711e1a8270f523c9502def63ca36

  • SHA1

    c15db3ed7b9aaf551af1c2b318d6d0bfa669d1b0

  • SHA256

    d464217e350f596f7dc181d9703cb2b324d37c658ff97aebeb45a9d633c38acd

  • SHA512

    653036bc10b18a2972fd9d032c02693834ecb35837ebb4cda92aa80aa703c8cbfe87ef40583a5533883fc01fba7fd06d856134e324dc90587c807c3d5be1bd0c

  • SSDEEP

    1536:iKRThWGKdIUI7U/KhWyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:iI+C/WyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (6 IoCs)

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab1b711e1a8270f523c9502def63ca36_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1116
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2036
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2456
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:1560
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:209937 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2896

    Downloads

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2036-438-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2036-443-0x0000000000240000-0x000000000026E000-memory.dmp
      Filesize

      184KB

    • memory/2036-437-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/2036-434-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2456-450-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2456-447-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/2456-448-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2456-445-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB