Analysis

  • max time kernel
    137s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 20:12

General

  • Target

    ab43112989b0e1d5dffceabbcdde646d_JaffaCakes118.html

  • Size

    188KB

  • MD5

    ab43112989b0e1d5dffceabbcdde646d

  • SHA1

    5c32afb73d87b95968cf3c7685d69816f3fc3ec3

  • SHA256

    05f9d032cee40d2e303e838e50a36451d8866e65827f49654a61e0982d35cafb

  • SHA512

    6e7baa476a9fe6afce97f16f273388a0289d8af5acf35e457738e574a835457bb3592c435beab2bbca67631bf4e21791bdafb1466f192fab1a97dedf28d15020

  • SSDEEP

    3072:StGaHI4DegOqBVx9NC7QVgzq/3UyfkMY+BES09JXAnyrZalI+Y3ml8mKAF/kQkj0:SAQZsMYod+X3oI+Y3xm8QkI

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:380
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:476
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:604
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:1940
              • C:\Windows\system32\wbem\wmiprvse.exe
                C:\Windows\system32\wbem\wmiprvse.exe -Embedding
                4⤵
                  PID:1324
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k RPCSS
            3⤵
              PID:680
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            3⤵
              PID:744
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            3⤵
              PID:816
              • C:\Windows\system32\Dwm.exe
                "C:\Windows\system32\Dwm.exe"
                4⤵
                  PID:1172
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs
            3⤵
              PID:852
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalService
            3⤵
              PID:968
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            3⤵
              PID:236
          • C:\Windows\System32\spoolsv.exe
            C:\Windows\System32\spoolsv.exe
            3⤵
              PID:300
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            3⤵
              PID:1068
          • C:\Windows\system32\taskhost.exe
            "taskhost.exe"
            3⤵
              PID:1108
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            3⤵
              PID:2084
          • C:\Windows\system32\sppsvc.exe
            C:\Windows\system32\sppsvc.exe
            3⤵
              PID:1156
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        2⤵
          PID:484
      • C:\Windows\system32\lsm.exe
        C:\Windows\system32\lsm.exe
        2⤵
          PID:492
  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
      PID:392
  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:428
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1200
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab43112989b0e1d5dffceabbcdde646d_JaffaCakes118.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
          PID:2804
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
            3⤵
            • Loads dropped DLL
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
              PID:2304
              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                4⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: MapViewOfSection
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                  PID:1944
