Analysis

  • max time kernel
    139s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 19:56

General

  • Target

    ab3439efd45b417664801d0c5bca50d0_JaffaCakes118.html

  • Size

    150KB

  • MD5

    ab3439efd45b417664801d0c5bca50d0

  • SHA1

    6801a21ef9c347b0d0015a8388a40721a3fd83d7

  • SHA256

    ca67bb1bd21c66da011f3f3df9a6497ff82e7ef8292375eb962d2ec7c7e39732

  • SHA512

    d3e7ecd51fbb3b65720a18f8074b4890bb1ebe83489ff0b6fcb71fa67a75172a4775e32bd7fc6de9dc6cb2b3eb2dfdad0551d07a39959e9688a7ce531c623e14

  • SSDEEP

    1536:iNRTqNAk2u+NyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:irK1+NyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab3439efd45b417664801d0c5bca50d0_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2904
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1920
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1452
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:406544 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3048

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      882d5f15797e182371f8a6b1a0c8f99e

      SHA1

      2ad6f67effd6e56ddb44580828ef4a163791d85c

      SHA256

      9448b8bb9dd0e4e0a268e86f1c0861ef99cbe25297575c8cf172f850a8187947

      SHA512

      8549d1d7cfaf694998114e1e56cfc47e888044364031febdaffccac5da355b98eec9b18fcfa803833eb8d681b9c0fdf3c157862cd906f3a7174aaabf122d6a15

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b85802e83b4ffd5b3b487776bc2b9224

      SHA1

      4440cf436c4b9543ee741d220aa47a4141b77949

      SHA256

      ee7e0fef30ac0cb5401f7ef5a2d39c5aa57af162f3506a3e9d06cc07f94fbf0a

      SHA512

      9d28ab1353332d3e46fc2eda372b93d419b020ac9baccb818feb97d603e539496109262a4dfca4dea616e027b7e27950fff1a1a732b26e43ebbe03d4cbc72a49

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      52c68b6fe4fe8cd84e5884e009fc34db

      SHA1

      8277eb6c9948fe57e19f381cd2e38329c852ba1c

      SHA256

      778028dd2b6b7836b43b50193de0ed2e4854703def09b94f326bdb5056dfadff

      SHA512

      69a4ff05f9694bc69e4bfc9335f3d5a8e5e731e41d3e7311ebf8bf3f3369578716af3a305c99417347011698f425656c30095bc88036b362f77a2aae1a52d2c2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      15df17b94f63b880fcc4c0b04f9836f2

      SHA1

      1d928d6f0d70d370c205b7919b07b9885d0c6140

      SHA256

      490a5085eb2f5e15ed93a03e4d054fbeaa6ca9afce0cad11d1c6ca9b6ab5863e

      SHA512

      df4454353a908feeb8e977d1bd6299b69ccebaf9baf8897116da286a30ac3aef29e2e3de33d154bb2cbc75174e1e26cde6f310fdbcca81054ab1854ab8a2989d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      108e2be4d67fe800cd3d37f5b0330f5b

      SHA1

      ca3657a8aeefcddf03929e5020c5653371b4f0ee

      SHA256

      3739dbfb6daeeab53e91d3279830bb1e6a33dea12dcf539c988899800c6b81a8

      SHA512

      488610fb5348548ea79796ca31d9284bff0a68486433acb019f8050d315c4c14ec0017b230dedba396ca649a3307019516e61de44bfd43b8d1803f14b2596e85

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a04fc9934c1470475f1d335386971282

      SHA1

      caed9bcb4a47544b512e24910d0d801f50cf3ea1

      SHA256

      8d68c0deba33fefe970376c8b5976cb46dc0513304ec7fa1cc96e2ef46393c05

      SHA512

      cee8f02a634628a1f51ae73226d9636a19fb6735dd3b69bc5d742eb92722dd0382a3089ef6c2fd9b80cbb755b33d6f4bec6d565e0399282abfaa88175504fe7f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ec754ed7fc384cc15f3b5baeb3eed2b2

      SHA1

      8a268c4601a778339a0dcf7f81d018d7bb1432fc

      SHA256

      56cd305ec059fb68109a9fc1022b093cd24acfe6a4722bb0e698182bcb3673bb

      SHA512

      72b3284a69ec00dc8c673710593f192d9d375db9943dce8b74baaf389083cbb5fe32fb1e9d47fb789f44c93632d1b094c45a2fcd2b05694db45be7bf7140ed3d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3bdaae1f5e24064347a3b7637b4b7b05

      SHA1

      4d278f75dd627cea1946d9ab4de05793183ebc52

      SHA256

      05a4c296d7cf9303142c9a7bf9cc2c983cd611ff1318751666e7b86f40212033

      SHA512

      2c5e0b249feaa01856e657a103bcc05b3b4d866ec7f24a36500ed7795ca643378eed83419788b1f92f459e235362b13dcccd94bcc539bd230fa0d8c8605b8ce6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c6a8e4d625f81b1ca04dee4dff06a866

      SHA1

      4daf429385a8715de07706a76ee99d6c63a080d3

      SHA256

      62b64fd8b02ec93711b647b67af20892c0290ec37e6fbe62aff0f6382041aac6

      SHA512

      795c94fab4ccc25cf2f1458beedcf7de94acd567f24fa51d237a746035279771abfb7318e28ea9ac5381a8e5e657ef586f714449371c9813ae8c0ebcb0a7a595

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f584ac720f81522375f735293e50e3f

      SHA1

      3c2d92317f1e5ff72c9e69b24fcb6ca46d234d8e

      SHA256

      d5411662553b55f8d94b2a4b5fede0422435a8c39045496d8c7d334d594f4adb

      SHA512

      cf4cfb16da731e2cf766ab7fe8dc6cce5a6716554d7481d6b8a534129224393dc899f73091653d3155d47df2d245065d451772dfa565dfa198df0874515e9bf2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      df450fcc2c7c9e59b3f4cc48013358b2

      SHA1

      f3dd42623c406717afbfec0da9b88ad224323938

      SHA256

      0ef63e4fcc3812274cec345f6d1fe2348c7d7f58dc944dba674370e8afd7a4ce

      SHA512

      30d9bcc7c38321203638906046034a2e7b44dd459c31563a78f8bdf058a925b3c8421cd2bcd1e760079fa0d7ea1ec35aa9935b6453255b03fe2bc16e2d608e29

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c6a02df5ab701e2a7ede7615cea81d81

      SHA1

      5d20ba4156c17ca536b21c9b3879424eeef4b7e8

      SHA256

      5832d7870f0834065cf367160d1de47564068e4a341beeba23d435486a0cf0d0

      SHA512

      aa862bbe4eaace54f959ee23fde5a4f5a1e3de8fcdcc264921079744e84ed522c46d27e76b0ab0a66ad4defa12681bcdcfc6493f39a90c5553cc18a489901434

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      402c8bf22e4b814369dd91d8ca277f99

      SHA1

      bdb030aa15049c00fe555a09da347b1d01a02615

      SHA256

      3494e1373e82ec147eedd813e574f697a75b3345cdd957a13b18d23bba7bd24e

      SHA512

      2addc8c1e6730994308a1497976a802d4ef844f321360d32fcbf77aa33166d648f5e953398767990a0d0732a1e76ffa275369d38238aa138a1694b87db1b14ff

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      58e5bec7b10f50ea007cac7ba3fc4bc5

      SHA1

      e327fafc19b43030ad8d9e925379669ef741f6c5

      SHA256

      cfd0f19f0402f782287a5a87e6f4be09a4d1c23ac76645f7f15c11539cd90a34

      SHA512

      fff4e21c6e8a87a885716ecc6f6a05438f6317ca0eab77ba8eb39e0d192903422785bad565ccc02f1389bbb89d38461200f8bb9982f09b98970ea8c3068d7da1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      451e13e1a20369d2d2f64ecf5d91b7b8

      SHA1

      9c136887bc7e2490ad26a3c75c2f0318186bc2c8

      SHA256

      e37b8fc8f5cebc227b548a340eaadbd06bac5e7ccb1a1192d57cdaf327789149

      SHA512

      d6173a7026cd1b340064bd41eee57c299be35403bdfc057f061277cded974c34d4e64b5e2c8717db781be5e8b54e8c3629065d61b308f7fad2fed1310e7e06f0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5624c28f4b9718becf3a90348d00c6dd

      SHA1

      2a444ff9f41bd3c3c5152dbf0ef9c261f4a9bbf4

      SHA256

      5b81cdc41d5ab18a3052481760507257943c17ce7255fe3e98a2f389ae161d4e

      SHA512

      2e0adaed0fc5584be5138d8e661ad03da03e4d54f32631a472efef6f65b62d1d4ecc833d47c6ab6bbd2aeea0cfb360445e74355d5c96603e9273ce5c3feedf44

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2f3f45a9a0850c1e3775470e7711e16d

      SHA1

      37f3c3a1d1ff1240e92e01a8e8af0c37e6b61eac

      SHA256

      edde6a6e67116df0059c9d593e1de7240ade682dfd8a9a7d5b50c0148d9567d4

      SHA512

      1d8b0ec6aabe8f9994acf9fc71873f1b3c6745ebcd4eddec9d9143a1df6741f5b6b1e125a913dcb6ec4c23e4fec6d71e2168c0eec848610ab7fa9a27fac04662

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f6bc45ee1195818a13063de4a208491

      SHA1

      04e9976b15b9d623b3ee113a524d39558d1f5eac

      SHA256

      ef2cae0b44c26934f2acbc532f6bae6adec383d6405445f1248ade4748e3ce3b

      SHA512

      41f0f4275e7b69784b997188858598038fc02dcfcc174bb1b36b07c190e4f0db75c736841a81ee4dc47fd1564fc7473657364cf8219623e93270c96e7306e752

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      01a66841337f52a30f5132950487ba0f

      SHA1

      3827986423b87ed1647f42d6394d23bcbbafadef

      SHA256

      a60370343a2a98ca6b6966f818415525f4805fcb12993c49f969f5acc0eff6dd

      SHA512

      46d364aff07ff499d9ebd41507b5ad3e2b4863b4934644d2f6c3e1c2d85e49d447a3c9ffc60b818719a6bf6c49260dc87b6e6b028166c5bf0c0c13725af242af

    • C:\Users\Admin\AppData\Local\Temp\Cab607A.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar6138.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1452-445-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/1452-443-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1452-447-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1452-446-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1920-436-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/1920-435-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB