Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 20:19

General

  • Target
    ab489c18a1af9b7f2eb88d7ba0c5b4c2_JaffaCakes118.html
  • Size
    335KB
  • MD5
    ab489c18a1af9b7f2eb88d7ba0c5b4c2
  • SHA1
    3e37a9d9c244d901b0329bd84a2cae4bfcf9468b
  • SHA256
    1f6605f9660a43426246ef2c6be1f36978de89d84cb1ecb8e20dfb94081d0daa
  • SHA512
    f11de132b41ac221ceee6985a59071cf689fa9098a196f6d7bff1e013c5eb044b46bceb53859140801023153d08568836c42f28faeb0f2e7d163e49c7ef93131
  • SSDEEP
    6144:SAsMYod+X3oI+YDsMYod+X3oI+YusMYod+X3oI+YS:Z5d+X3J5d+X3q5d+X34

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (4 IoCs)
  • Loads dropped DLL (4 IoCs)
  • UPX packed file (5 IoCs)

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory (7 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 42 IoCs)
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SetWindowsHookEx (18 IoCs)
  • Suspicious use of WriteProcessMemory (44 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab489c18a1af9b7f2eb88d7ba0c5b4c2_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2628
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3032
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2500
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2640
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2828
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2468
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2516
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:406534 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2944
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:668675 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2832
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:10630145 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

MITRE ATT&CK Matrix (ATT&CK v13)


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 737bedccb3a5fd304d154328e8201f85
    SHA1: b24782da8da51042bfe0521589766b24ae48389c
    SHA256: 1568d309945bd2f2b9e21f7c0161ff2c0caf3dab670b4974c557559687cac20c
    SHA512: 6af7a866d97e6b39ca93abbeb564de67b94563214f8ed9c20fbf86e50ec3149cb7c3f248cbe66170a39c77d3022de3980d4f15859e7715bcc4e0cdd96bebc8a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 790c70c320c5d7acaf8745c9fe15c64d
    SHA1: 297b8f4b6dc2ad7739401b9b5f7e31424e7b2887
    SHA256: 590399494a387d222a49cccbb58d52ba5fcafc01f9f06c176ea7b9c502140f66
    SHA512: 242223aa26da563e18820ff780e30a5e00ed1f3d7a3c90c9393204dc619e66d1e456dcbbebdfc46eb97bbdf69c1df5dc39dc815878154bb5b46f2d31ae3b4b9f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 73db426aa4cbe413e51adefd0ace36d0
    SHA1: 93851258b2368f135e1060180bc366dd006a011b
    SHA256: 19631f74931a714edeefd3343945656fc541a8593a1707dca67b43dd66fa2af6
    SHA512: 9c1dcf424b274524a36d513f429bd55acc8ec676f837ffdf00e2287fd0ba915f2df93cb21be163e95bbf2aa92a5cda4c513601718b52a9da553aeafb0c8552e5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e092baad0ca4f8bb27a151f47a74a387
    SHA1: 735a2d4311393351eb4a0cb676db8f8a047d9712
    SHA256: 40585f6ca7b1587079b83e67ed08ebffad2514f3e33c4b646fa693b433ebfd00
    SHA512: 402480415e1959c2c00e426c67d9e5568cef700811ae3452d7f2a16e6b58e08d2f83ba12bf3747a2bd8dd54799ded386f744cc1e40103e13e22eb2cf3a5c1248

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 47225ab126584fae72aeda28a810306a
    SHA1: 85623e47ba367d86f03a86d56bda5bbf374e20af
    SHA256: 0dfef22ecbb9c1dc6a7a8e98c3f73cc202e82e7ed865902951da09ea0bfe2b68
    SHA512: 15c01a283e1e31cde1666951069d92c090ae6c048a9fc1182b6a19636ab32c41df1782200ebea6219a6dc946ddb8deaa59cfd7403f3d457b540cdb860e98f5fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: d8ccf6d996be46010ca519a90c1b25f2
    SHA1: 6175aad19f713dce2efb7dea34ba08967490b8e6
    SHA256: 63b33e4a01fb4ba4b85882a0e63d4dee02e3e4dcd30b8b89d44691e61784f8ed
    SHA512: 81f0f375520de7573a945357aba9f41e41b026ff7c671fd0b997114ac00d2678f024ffe897c09dab63c2bce178ea166146136721b412b66c46f28018cd2f00c0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b9097e36572642349b3e5d23caaf40d0
    SHA1: 873d780ab8d425ea01cbca051a64652d1e5b50f8
    SHA256: d91a9fdb0deefebcb67d9b0f2b93a1a3c6366154470d17332d3130c0945c410a
    SHA512: ac129698daa992e2d1784cca388b42feb6e00f3dcaf5342f7bd3ec7113dbf177ebb78cb82930c00ed4904fbb551d7ec39af25f441cf8f52c3bcbbd4a7ec6d69f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: f9957718a100fd7c1eb056e62a7748a8
    SHA1: 7597e097dec162402d3f925cb2f87b802e3ca366
    SHA256: b089391efa55b8ef97521d922159c784ece216496335b4ae9d5f20a3d6354123
    SHA512: adef2c770f7dd104c28e58882256be5fc542b66d35f6736a7e2d37dcb41adf5f1f2e9a12243f596df3c8aa9db58239d17be766b56b6043a398c375213ebb0973

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: d69179eb24688c41b7a6a603ecadad26
    SHA1: 367e8224d3c71937a4c9c69413b22ff7a3e976c1
    SHA256: 0cebe53408970801a6d94c7d92c1724940bf021a42100435a9018a6bf00c7c8c
    SHA512: c8a68c5277f765666e6589afdca084d1abe514ce06ee3bccdc4e6743b96127fed3b7156b3470bb6a1beb5a099d14365817e4d2c1bef55d9ec54fe1c70327fd3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 08d7a23f27092d97c202c286302538cd
    SHA1: 66e593723413cfc5d06b39cef8137d6397d84777
    SHA256: 3cc3915ee086c65aff219949d86104c9deea6b1e1e188c567e60419ee9c32dfc
    SHA512: 0f9b333920c2b805e0e06a20d424e7d28a40fc1cb61c274dfc1bc8393faae4b8290b30c120c282e87fbee23c81acbe77fcddcb62e7705f9fab715e37f4445adf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5fc2786b56c077bb55d49bc50eab54f1
    SHA1: b1ce5c13c8f49f4b7a26c1636e97d83383df303a
    SHA256: 54fb6979ec409a9620dd8787ec21dc090697d192c12af35e2ea1fa3f786bb4ab
    SHA512: e9f7a6bce7833f7de2f3863dd33ebc090042eef628bc6e2f7a707e6a9680b96666c7de25410c781cbd67afa357fcf9675eafd10356fcc79982890a9de07e29ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 606fc627bbfa7847ec8546f3352af54d
    SHA1: 6c2bc6277a3a276d8515b9971b7f0b23ed56ef41
    SHA256: 0e12045cf109d4ec3aedc6e8caa02a14f61a78364831d2ed9899eae5ea70c97f
    SHA512: d3bd4b121dc49401e5d98d74974885017961d599736f863182d07d7ccfab2ce9467e318b4e89a2cc5acfd336fea833611edb86506c2a7ff5e6fedecd97c06b91

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: c724a243517603b6f48e7f3741fb8b19
    SHA1: 02f8eabf0a18113cb55ad062d0eda3e8948d6ef2
    SHA256: 81aa296fff3443707ee3f836a55f61e6b598a255020792dc56a87c1d08537e4b
    SHA512: 7e9f655187d36fd077d14b252f872e2d3920e0875437094babb5b5b6e73c460d262ca4aba6f8c7b4ac19baf480a6cdc8dfa47b5212554a5bf05807748f13df91

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: a6bf2c0eecb08cb55b7b7b2b98b1286a
    SHA1: 934ffa3f6e73c51aed73f757add4548948348c76
    SHA256: 74f31f741f457ded36c7d9b5800321bc468cf4656b06c56a04c748facaeed5de
    SHA512: 2dd71c5efe41e8558cfd030407c66d389c1f2446cb27253c45f8f16921b3d6090ef16fc527538f47db489806800a8609b774445dd57b598518e376e900a5c27f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5dffa6d9fa3648ee60a8b5e1e8076e33
    SHA1: d8f315655ae538805f655d19b9d9f01499a36bdc
    SHA256: 499c5ca7456196c780b6b189c1b6c72eb03921aef96f5a9559b5d123ead5332b
    SHA512: 9c6181c969517625e3549d8b811a21cd1502547484e8962e6b8e5a241b1d8db6ebc0a2c0355bd0cc2af678b96905c952109c52a9af349230ea1b21134f6a86ab

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b3feedaa9909525cd0c692c8ad7e2ef3
    SHA1: ce247d940f78cdb6b1c55df9cf68437fb700d57c
    SHA256: 01ac7757946fd1b9f957ce0c19f7f7d4bab73a6842d8f4cee88f929bddfded18
    SHA512: ff1a1c649776442e31822c163823e3a77435e2c0b4d60223dd0003192922964663018784e505000493a9cb3b930cbb05269142eba47afa8296eb762eeeecd76a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 0c7e5bc2c7f8dc7626be3b0e66969058
    SHA1: 42e30019f572536991118ef8bb6e296a066eb461
    SHA256: 889b00c8caf15b2ed933353213656bebb583a95165c46e4191ca0b04a8a176b1
    SHA512: 7ce8959fe1849c2881603f104a1b2acd9805bc7da059be51999d6d79a71c1c9bcef4da6c82c07c8c9534c9dac197d47d57fca7d2848174718ad3c5b830758aca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 2f6aca1d3d09cb081f37d85ef9eb56dd
    SHA1: edb8f8d681de36341f8dc515f60337845b1b138e
    SHA256: 4ffa55cd37e1bcd43f7b8c366afe76769a852b8639fcc1471f6130b70900de0e
    SHA512: 48cfa59f50c0a364d59adc1cbdbec0a3b35b4eb9bdb99ef9e294ed8b38cd42860f5c0dbdbfe06307d30acced17ca5c24e3b727af4050ccb1cfc56d4f2bfd742e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5822f9fbcf2cbf843dd96936ea461b7b
    SHA1: bcab79d2208589ebb44b75017b885cc35dcf15f2
    SHA256: 6c1c3d3bf6e49f5cb0989d0fe697619ceac03c313629b723e25c5d227482fc9c
    SHA512: 50e3263b64e607dd218e03f284d74ddcbe00f84b4f628ec30d74757dddf09116e485dc14e9df38d0b3504e6b3f6cc2fb5cfae4b62a6253d78734e42a191844b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 685adb13fe0706a010dc054e018e1e90
    SHA1: b49b57a53acedf51cef0cbfa04671871707600a6
    SHA256: 767baa46679a609677704d6e358e2a8b2453adace3f2df02b431b41299cd1237
    SHA512: 704e144dadb7b5a4aca25e87348c029036fd476dd46463b767a1ab5ff2060ef2ab3740d142be2fd2b30e7c92ac7b335436d8bd86dcc315c7fbf9d2ac55e7d762

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: f3012756523648af25c672ff1e77792d
    SHA1: fd62fc22ddf382fb8842eae81b3a1fb60da949ce
    SHA256: 9cba89b7f0e43c8fda8dcae33e28fe9d7d799cc569c23b2af7381740dc5c1276
    SHA512: 1a31f857b89460470fdf591fc3e0ef7f00c5608475d5430d2904894eaa052f32bfa7487d22983e91bca840b0042ef902653609cefe676e5bcdcab8e8644951dc

  • C:\Users\Admin\AppData\Local\Temp\Cab9022.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar910F.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize: 55KB
    MD5: ff5e1f27193ce51eec318714ef038bef
    SHA1: b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
    SHA256: fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
    SHA512: c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/2468-28-0x00000000001D0000-0x00000000001D1000-memory.dmp
    Filesize: 4KB

  • memory/2628-6-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2628-9-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/2628-8-0x0000000000230000-0x000000000023F000-memory.dmp
    Filesize: 60KB

  • memory/2628-13-0x0000000000240000-0x000000000026E000-memory.dmp
    Filesize: 184KB

  • memory/2640-25-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB

  • memory/3032-18-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize: 4KB

  • memory/3032-20-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize: 184KB