Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 18:20

General

  • Target

    ab1b0babac209edbf77cdbf5bd4b968a_JaffaCakes118.html

  • Size

    693KB

  • MD5

    ab1b0babac209edbf77cdbf5bd4b968a

  • SHA1

    7e00fa4ad557249d804dfc569282722f5e49ba14

  • SHA256

    723c38d430f33ce472e8bdca4d6c04945a775ea60c0dffa8a9bc3023b4d0273d

  • SHA512

    ff9b849f533577d6febbdc312e52b0e285b56f3a415567bae692a3eed7ec1beae6c7e7872a8305a6f1901e0805d89b3a83d6a4a5ed40c8360e4c55416d42e9a6

  • SSDEEP

    12288:Kk5d+X3yBuv2kf5d+X3yBuv2kN5d+X3yBuv2kO5d+X3yBuv2kE:Km+SBhkv+SBhkx+SBhks+SBhkE

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants combine a file infector (it infects .exe, .dll and .html files), a worm component that spreads over removable drives, and a banking Trojan. In this run the HTML target, opened by Internet Explorer, dropped and executed C:\Users\Admin\AppData\Local\Temp\svchost.exe (see Processes and Downloads), which matches Ramnit's HTML infection: an appended VBScript writes an embedded executable to the temp folder and launches it.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 46 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
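
The report records the dropped executable's hashes but not how it was embedded in the 693KB HTML target. The script below is an added example, not part of this report and not Ramnit's code: it assumes the dropper layout commonly documented for Ramnit-infected HTML files (an appended VBScript block that stores the executable as an upper-case hex string named WriteData, a DropFileName, and FileSystemObject/WScript.Shell calls to write it to the temp folder and run it) and carves the payload statically so the file never has to be opened in a browser. SAMPLE_HTML and FAKE_EXE are constructed test inputs; the regex names and the dummy 128-byte MZ/PE stub are this example's own.

```python
"""Carve the executable that a VBScript dropper embeds in an infected HTML file.

Added example; not part of the original report and not Ramnit code. It assumes
the dropper layout commonly documented for Ramnit-infected HTML files (see the
lead-in); the report does not show the target's contents, so SAMPLE_HTML below
is constructed, with a dummy MZ/PE stub standing in for the real payload.
"""
import hashlib
import re
import struct

SCRIPT_RE = re.compile(r"<script[^>]*vbscript[^>]*>(.*?)</script>", re.I | re.S)
# A quoted hex string that starts with the MZ signature (4D5A) and is long enough to be an image.
HEX_BLOB_RE = re.compile(r'=\s*"(4[dD]5[aA][0-9A-Fa-f]{60,})"')
DROP_NAME_RE = re.compile(r'DropFileName\s*=\s*"([^"]+)"', re.I)
DROPPER_API_RE = re.compile(r"scripting\.filesystemobject|wscript\.shell|shell\.application", re.I)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def looks_like_pe(data: bytes) -> bool:
    """MZ header plus an e_lfanew that points at a 'PE\\0\\0' signature inside the buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_vbscript_droppers(html: str):
    """Yield VBScript blocks that both hex-encode an MZ image and touch FSO/shell objects."""
    for m in SCRIPT_RE.finditer(html):
        body = m.group(1)
        if DROPPER_API_RE.search(body) and HEX_BLOB_RE.search(body):
            yield body


def carve(html: str):
    """Decode every embedded payload without executing anything; one dict per payload."""
    results = []
    for body in find_vbscript_droppers(html):
        payload = bytes.fromhex(HEX_BLOB_RE.search(body).group(1))
        name = DROP_NAME_RE.search(body)
        results.append({
            "drop_name": name.group(1) if name else None,
            "size": len(payload),
            "sha256": sha256_hex(payload),
            "pe_header_ok": looks_like_pe(payload),
        })
    return results


# Constructed stand-in for a real payload: MZ header, e_lfanew = 0x40, 'PE\0\0', zero padding.
FAKE_EXE = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 60

# Constructed infected page mirroring the documented dropper layout (not Ramnit's own script).
SAMPLE_HTML = """<html><body><p>unrelated page content</p></body></html>
<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "%s"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\\" & DropFileName
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData, i, 2)))
Next
FileObj.Close
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>
""" % FAKE_EXE.hex().upper()

if __name__ == "__main__":
    for hit in carve(SAMPLE_HTML):
        print(hit)
```

Run against the real target, the carved file's SHA-256 can be compared with the hash recorded for \Users\Admin\AppData\Local\Temp\svchost.exe under Downloads; a match confirms the dropped binary came straight out of the page rather than from a network fetch. A page that matches the VBScript/FSO pattern but whose blob fails looks_like_pe deserves a manual look, since a different encoding (not plain hex) would slip past HEX_BLOB_RE.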

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
    PID:384
    • C:\Windows\system32\services.exe
      C:\Windows\system32\services.exe
      2⤵
      PID:480
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        3⤵
        PID:608
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          4⤵
          PID:1640
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k RPCSS
        3⤵
        PID:688
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        3⤵
        PID:752
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        3⤵
        PID:828
        • C:\Windows\system32\Dwm.exe
          "C:\Windows\system32\Dwm.exe"
          4⤵
          PID:1168
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k netsvcs
        3⤵
        PID:852
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalService
        3⤵
        PID:976
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k NetworkService
        3⤵
        PID:284
      • C:\Windows\System32\spoolsv.exe
        C:\Windows\System32\spoolsv.exe
        3⤵
        PID:920
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        3⤵
        PID:1080
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        3⤵
        PID:1112
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        3⤵
        PID:2124
      • C:\Windows\system32\sppsvc.exe
        C:\Windows\system32\sppsvc.exe
        3⤵
        PID:2916
    • C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsass.exe
      2⤵
      PID:496
    • C:\Windows\system32\lsm.exe
      C:\Windows\system32\lsm.exe
      2⤵
      PID:504
  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
    PID:400
  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
    PID:436
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:1204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab1b0babac209edbf77cdbf5bd4b968a_JaffaCakes118.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2904
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
        3⤵
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3060
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:340994 /prefetch:2
        3⤵
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2440
        • C:\Users\Admin\AppData\Local\Temp\svchost.exe
          "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          PID:2568
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275462 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2464
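
The tree above is itself the detection opportunity: two processes named svchost.exe run from %TEMP%, have no "-k <service group>" argument, are parented by IEXPLORE.EXE rather than services.exe, and were launched by a browser out of a user-writable directory, while every legitimate svchost.exe sits under services.exe (PID 480) in System32 with a -k group. The script below is an added example, not part of this report or of the sandbox's own signatures; it encodes those four checks and runs them over a subset of the processes transcribed from this tree (parent PIDs read off the nesting, ppid 0 for tree roots). The check names, the SYSTEM_ONLY_IMAGES list and the user-writable path fragments are this example's own choices.

```python
"""Flag masquerading and browser-spawned droppers in a sandbox process tree.

Added example; not part of the original report or the sandbox's own detection
logic. REPORT_PROCS is a subset of the Processes section above, transcribed as
(pid, parent pid, image path, command line). The check names and lists below
are this example's own.
"""
import ntpath
from dataclasses import dataclass

# Image names that legitimately run only from the Windows system directories.
SYSTEM_ONLY_IMAGES = {
    "svchost.exe", "services.exe", "lsass.exe", "csrss.exe", "wininit.exe",
    "winlogon.exe", "smss.exe", "dllhost.exe", "spoolsv.exe", "taskhost.exe",
    "dwm.exe", "lsm.exe", "sppsvc.exe",
}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BROWSERS = {"iexplore.exe"}
# Directory fragments a browser should never be launching executables from.
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public")


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str


REPORT_PROCS = [  # transcribed from the report; ppid 0 marks a root of the tree
    Proc(384, 0, r"C:\Windows\system32\wininit.exe", "wininit.exe"),
    Proc(480, 384, r"C:\Windows\system32\services.exe", r"C:\Windows\system32\services.exe"),
    Proc(608, 480, r"C:\Windows\system32\svchost.exe", r"C:\Windows\system32\svchost.exe -k DcomLaunch"),
    Proc(852, 480, r"C:\Windows\system32\svchost.exe", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    Proc(1204, 0, r"C:\Windows\Explorer.EXE", r"C:\Windows\Explorer.EXE"),
    Proc(2904, 1204, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\ab1b0babac209edbf77cdbf5bd4b968a_JaffaCakes118.html"),
    Proc(3060, 2904, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2'),
    Proc(2628, 3060, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'),
    Proc(2440, 2904, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:340994 /prefetch:2'),
    Proc(2568, 2440, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'),
]


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def _dir(path: str) -> str:
    return ntpath.dirname(path).lower()


def analyze(procs):
    """Return {pid: [reason, ...]} for every process that trips at least one check."""
    by_pid = {p.pid: p for p in procs}
    findings = {}
    for p in procs:
        reasons = []
        name, parent = _name(p.image), by_pid.get(p.ppid)
        # 1. A system-binary name running outside System32/SysWOW64 (ATT&CK T1036.005).
        if name in SYSTEM_ONLY_IMAGES and _dir(p.image) not in SYSTEM_DIRS:
            reasons.append(f"{name} running from {_dir(p.image)} instead of a system directory")
        # 2. Genuine svchost.exe is started by services.exe with a '-k <group>' argument.
        if name == "svchost.exe":
            if " -k " not in p.cmdline.lower():
                reasons.append("svchost.exe started without a '-k <service group>' argument")
            if parent is None or _name(parent.image) != "services.exe":
                reasons.append(f"svchost.exe parent is pid {p.ppid}, not services.exe")
        # 3. A browser launching an executable out of a user-writable directory.
        if parent is not None and _name(parent.image) in BROWSERS \
                and any(frag in _dir(p.image) for frag in USER_WRITABLE):
            reasons.append(f"launched by browser pid {parent.pid} from a user-writable path")
        if reasons:
            findings[p.pid] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in analyze(REPORT_PROCS).items():
        print(pid, *reasons, sep="\n    ")
```

On the transcribed data only PIDs 2628 and 2568 are reported, each with all four reasons; the System32 svchost instances, the IE content processes (which legitimately carry the SCODEF/CREDAT arguments) and Explorer pass clean. The same checks translate directly into a Sysmon Event ID 1 or EDR process-creation query: image name in the system-only list with a path outside System32/SysWOW64, or ParentImage a browser and Image under AppData\Local\Temp.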

                                            Network

                                            MITRE ATT&CK Matrix ATT&CK v13

                                            Downloads

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              70KB

                                              MD5

                                              49aebf8cbd62d92ac215b2923fb1b9f5

                                              SHA1

                                              1723be06719828dda65ad804298d0431f6aff976

                                              SHA256

                                              b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                              SHA512

                                              bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              a469045b330466127aee862ca38a0749

                                              SHA1

                                              a12136ba1001d5340559e0f6aaeaaf60239beed1

                                              SHA256

                                              74d12ba14f73e42eaccdd2d1ec4b53b4ffed5eb0f062ca9225f05689b72d4315

                                              SHA512

                                              1c68d08660a3860522970583f40b14545cbc665c00b8b8a05c19efea6bb31163461ae2e871c57ceb8d9b8f5f3136b70cb10ded384b033b039bd5b466f9366b18

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              a80137adc37d1f8851c5c933c69872ec

                                              SHA1

                                              7a4b6d99056e27acdca4e597d662786a314be5c9

                                              SHA256

                                              656816b4b6e0c0ceedb822c62b96d86a7a6f9eb55d95842fe504161eddbdb648

                                              SHA512

                                              0e32a46a563808056dc5f6c022da984e14c101e70faa0347b27315ce25af2f4fe11b08b8011040e83a0ff685fcd47559d3e5bd28a444430f6f76768f2eb285aa

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              15fb2d5226c47007addee3e938f3042b

                                              SHA1

                                              d2e00be7593981eae9c9ed9e90faa08b6fe702fc

                                              SHA256

                                              7b2490dce1949035ad406e94d4cf85401ffb0ac5cfd67d48cac279ebc0c68c60

                                              SHA512

                                              0c86e981748014f581fd0f8edf1ce2f216384ed6d4f6ad18c913322c8c188184448a9a226acdf1d8955720f51459817515057f65a89ffdade0d1e3dad0c61c08

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              c0fe378cdcc484c1c1f3660a3b928662

                                              SHA1

                                              c86e3afea3144cb0287cc6889b4a161806048f3e

                                              SHA256

                                              b217a320b782bd50afb2627ecf53bae591db950ca8e736ad11f82787a4f0d885

                                              SHA512

                                              bed703c8d33793aadb57033828ff378da22da7a243cc8f78067b165ccc38464a4eb3c8852fa373bbb56f84ef5bed60ac66ce9be3eeda48f2dea3d7d69751047f

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              0acd389b43be474be26f1c0a1da224a5

                                              SHA1

                                              9bff24c2cf501892d60dfd231a13e3bf10bdbb17

                                              SHA256

                                              b553051a667497a34e54fd120184f1e88a08993212f2fa5babd580be82119f28

                                              SHA512

                                              d8c75cd37fc90d39c808ba071d4dd2b3a1d71f85053611153e33f36ac213ebd06aa7a25149054b45e861e23608d71e79a995f0b962ff6c1bfdfeac100d5b8a37

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              d4a524de89e5fe710561eaa8617da12a

                                              SHA1

                                              6deb2cc846d4fc058646a342c75d3534def8af55

                                              SHA256

                                              43b9927a69a870bae5beda32c4d03185210b23e4367390034b1cc405b9b5cb00

                                              SHA512

                                              0e9f253db6a8e585b0276d60c0bc6ad9f46da08deffc850bf9acc993c29b2e9b5565ddae1ed2fa6bb4394232fad5d6f90adb11206f718cd2f6eb2a0f88652980

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              a5c8fa44027eae83f12e93bdd9e7386b

                                              SHA1

                                              5868937b6cd7035f5f5cefb4aad1e8a3fe122637

                                              SHA256

                                              01c82df33c9f7f674bbd2d0e08bac762c421ac4c42d0037eb4505bac21b8ecd1

                                              SHA512

                                              a335270ec608513b79b1769c73e1ae3d815aa5844f8d86a0fb2aafbe134098140cd69e52faaef1a91643f43533200c849ff0f537058164aa83c645e2fabe3763

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              15d20a6bb2b54b7fa6dd992f910e2e1a

                                              SHA1

                                              7161786e92ece4ce9aed81bf6ff6b88066165378

                                              SHA256

                                              998e00e621176027725a1b5e71ea0166174aa97483900454aa2cfed38056496c

                                              SHA512

                                              e9f65ebb602583767a6529a9a8189667342b6ee096204a8f3f0205ea1e3e074d86379b1f94f5d4b291a792b4a05e43a404c564adc53d652032f7f46024e7dd81

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              99c995cc90b004a22efabf2439154d78

                                              SHA1

                                              4ee7f970859ece9949537367b979039f92e6170b

                                              SHA256

                                              76304e57c916dbf871f0610616c46eebb4e973db2728eebcef887c58e08330fa

                                              SHA512

                                              de989d12e1a0fc04f2a67b5fa43a7bd1be82fb098d07b1a8b2ef089fed0fa4b296fd57eb0694978db82bece4a45802800c4fd1b0113936efca6b966569e9baec

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              1ef2babede06b53725f48d4d64ac4718

                                              SHA1

                                              71e49bff3fab9fd4a33f10a492efaa2696ab419b

                                              SHA256

                                              f265429e3c229d3b7bf8f3db041b5aeb371cc8b5804549fd054d42e8a1e03b47

                                              SHA512

                                              1e84d4ad3525056295389f5f0a7481c1a2a7a86d709706844ad94f5411b4222bf13441a3514d40a384b0e1737d25c7fde4506751c94648a02b823e4d25f9efa1

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              49ac4f83641a4c1d1051d771cad2f9d4

                                              SHA1

                                              b68165b784a2df7ab6012ea652d4f10460b15974

                                              SHA256

                                              d277f5f2a0309a20c3211d4b461640df34a3984fb95a9fa4e9843bd45f306844

                                              SHA512

                                              2d691e654e53dad949519f07938235fff30431bcee1c4867a1bf5d70dfb76a27fd038476e07cfdf78ba03b58da23a3235b8226e677bca2308458bbe11d234d72

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              85220ac6758b5f6ec37ed3931d552a7c

                                              SHA1

                                              8cea768111d18c96a2b58923cb227bccfafcfac7

                                              SHA256

                                              7877b5206e08fd5f697dfc3376fbaf9704598ca273b3372cd02b62636e4bf436

                                              SHA512

                                              f3cc1fb8ad05108d452a95a92250a86d94b9866f85792b62f167c5a7f88db0140ee64de391a58b6ef2d25e8702e271ee67b56dba7edb9add5dce29b5fd191ad9

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              d208d5a851ee7d54bb1bf8929a58daec

                                              SHA1

                                              599ca9e19f36bfc74b395785d735f943f2dd24f3

                                              SHA256

                                              9a3197c630257dea71a0cad570f99adb21101e0e860f86ae9fc63b9c0667ca9d

                                              SHA512

                                              573f5cbcdc5ede064e37739ae9cba8b7622f90515992d4af6d262e2e4d4aa5e0b0e39146b1f91d04baa0f8d42821054a1968c5da2105de289c1531ab6f54388c

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              4fa241dc8d7e3d2989ea04da403109be

                                              SHA1

                                              d24e1f81b302d474314e97e36faa5632c5fb574b

                                              SHA256

                                              ff9e7f6e7d71dcb5373b261f354a91611401afff4bd04ae91d36e9a7e679b368

                                              SHA512

                                              f85ec820a375c47d703911ed4845e67b726eee6fadac46ca4db7b5c500dc1b1df86943cac09e8b34e938d6db36dc9c5bfba7a7d6f2a4fae5b382d72b304626e2

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              5121a959cd4fb048371fbe64900d492a

                                              SHA1

                                              cb2c6f8942506499b3562f909ad3587c41631b82

                                              SHA256

                                              957b2da7c07cd63fc8c5d34deb248e1dc096db0be06c6a41feb666b7e10095f0

                                              SHA512

                                              bc4a4cb2c4f4b2f73b61c8304dac173697f43041ed17fc48c08fffd6b01938c7aea4282de9b946681bf0ac5543735473480f5d3ed6363f7483e5a0768bbce25f

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              83956540e92e5bb5aaff193d091d913b

                                              SHA1

                                              55b303e43517bf82d0f02412efd94d3db2760c6d

                                              SHA256

                                              a5b603ceb184acfc4075c661f01f78086c106fb30606224f7238a31b18677ab0

                                              SHA512

                                              7433bc0cceb84678fb32156244c741ae72a09dce5d56a593cad7a84f59fc7b785cecd42b5bbff2ef8cd30084fea99786222d8d19bd4bbc7b96ae188237f9cc6c

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              e840834c5919dc1543f816c20912e024

                                              SHA1

                                              1a702fa708579c0df352a00aa4f6e87abd9a8849

                                              SHA256

                                              cab5d4ea96f6c31af7d54a1e1462cfd4501b814545a5995137f88327661aa464

                                              SHA512

                                              0f40d1ffe2dceab3ae860487bc8653fb002493f404c8a7c1a01b23a96f24bf79a6f3b61c2454edd9c45a6a12311b2188d9db548802c5dc4e7c5d1475660740af

                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                              Filesize

                                              342B

                                              MD5

                                              884184c341a724bc739032217b09ec40

                                              SHA1

                                              77fa634e57f75a63d8eca76de287a2a28f9f6903

                                              SHA256

                                              c85c054e4822c798da773f7be799df73a9b16165d027bb4cc335a2a15d7b5ce5

                                              SHA512

                                              2ee1f80dd37096ab2d3c71923b6eefcaaee62a9b0e57a87789d31e96b699b97b58cdfbce89ac81bcffb83e5bca3ce912e15a08197f296387368656d809be2b76

                                            • C:\Users\Admin\AppData\Local\Temp\Cab33A0.tmp
                                              Filesize

                                              65KB

                                              MD5

                                              ac05d27423a85adc1622c714f2cb6184

                                              SHA1

                                              b0fe2b1abddb97837ea0195be70ab2ff14d43198

                                              SHA256

                                              c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

                                              SHA512

                                              6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

                                            • C:\Users\Admin\AppData\Local\Temp\Tar34B1.tmp
                                              Filesize

                                              181KB

                                              MD5

                                              4ea6026cf93ec6338144661bf1202cd1

                                              SHA1

                                              a1dec9044f750ad887935a01430bf49322fbdcb7

                                              SHA256

                                              8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                              SHA512

                                              6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                            • \Users\Admin\AppData\Local\Temp\svchost.exe
                                              Filesize

                                              84KB

                                              MD5

                                              f178aecc5117a220065b3d94d03d6e50

                                              SHA1

                                              823aed599fb78de47c45515da1a6a45134e62dd3

                                              SHA256

                                              0371e96d26d11993c7dea0d450f5a70ac51ccbf0c95e8d8e964a57cbf9479a65

                                              SHA512

                                              5e1e068bd5aa1afbe88d491f20194037358d01ea9b8b17ec0cbcdee009020092e55daad88bee74461beaa58afcd2b0e366368e09ba7324805850b6eb20e14462

                                            • memory/2568-16-0x0000000000400000-0x0000000000435000-memory.dmp
                                              Filesize

                                              212KB

                                            • memory/2628-6-0x0000000000400000-0x0000000000435000-memory.dmp
                                              Filesize

                                              212KB

                                            • memory/2628-10-0x0000000000400000-0x0000000000435000-memory.dmp
                                              Filesize

                                              212KB