Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 20:31

General

  • Target

    ab54fa44d1d943e6ee8df5945c87e9c8_JaffaCakes118.html

  • Size

    129KB

  • MD5

    ab54fa44d1d943e6ee8df5945c87e9c8

  • SHA1

    fe7ac39db40b2d958f81efc138d9a7ca606d580f

  • SHA256

    ee65b24550a0a97a5d8ea8896de6824a3122d245af88f3e7725deed78c906bbd

  • SHA512

    510cb4646a7fd61cdf8eb9ae3f6372c81236e2bab4d95f51db77988d691b4072bc0acf0a7605539be0319739d0906d33c6c6697523c03edaee00a79f1d1aa3c4

  • SSDEEP

    1536:SZvbCy+cMzXNtqyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrA:STMzXNgyfkMY+BES09JXAnyrZalI+YU

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab54fa44d1d943e6ee8df5945c87e9c8_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2096
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2476
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:209940 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2844

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      c3850b948e4079e9c58652e89728e34d

      SHA1

      e511c539a39ef4936a8c99a90eb512d17246ccd8

      SHA256

      99122ef4280aa20062e43710ecb3b1e9570f6a9b8d1bf5d3165a9b12844d308c

      SHA512

      36afe1c5d6acf46c84305a35a5851ffb886fa10538782e7b82f8a58c1aab92b861fb56658fae2e86359428755c66b1185cf3790edd43a8c5d3c32e97379d165d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1c2b97bc0e0289f586747ad620432dbd

      SHA1

      074fb466d3ca29a8742618693e9b44160d443709

      SHA256

      fec1dc20c10fd4c0dd42d67dc4dda55deffbab2f7e195929ce27ba258df11a13

      SHA512

      2aac76bac990e0c7c1d352fd0538dbe1f681a17065bfdb6ac0001b762b9c90d1fb52c4b9eaf54b9e65e400d0b1edd586a87daa78dc2f0d6a5e8d8e45c0ee788d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      57dea18a1e0040a981f58831223879de

      SHA1

      a446386624b2aec90538c1e433e1d80c3212d7ce

      SHA256

      6abfb538025eea539eee28cbd79d4d1241bb8b956b0d8953e45e792431e40548

      SHA512

      571eaa683be0b32d2b5d8428526ae9215b6274e3d69572d6fd3ad7ddaa4dcce19ec52c3cf7a4b77f952c48a49b06027bb2eab179832226d8202af75b4f5768f4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a6b20cf86bb0d46b0c1ed668652910a8

      SHA1

      4a7efb944bfb845f0dce7b82adab1fe44a4c385d

      SHA256

      390005dee3b8bc02430402122177c5bfd80b5933a9413a8a0a17dd0c3b8e6d47

      SHA512

      434bd0a9fd57040efec13bbccc4bc9e5a8523d2e0f7f9d3f081474ab7c23860f36d2dd5070453187d400781e9249a4a1a32beba50052e35b1783690c2cafd381

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b58ac4201402b1f529bc8980ec85a3ec

      SHA1

      ef964b5ee22088acf0e5cc2b3a0841fd7f4cc5ff

      SHA256

      679eb00f760531d0008ed5f6e725d7023a9207b3dd7cd7d766e20fa1b52c4551

      SHA512

      00183a7be8738af460c0420ff6d1b15050ce483c47517b597cc27c97571244dacc2f1fd1735a667277ff96a95c17dba881f6958e582e6f5eacffa074a7bc0db3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e427f520405468c8d745da41ba596370

      SHA1

      800e4c872287a2b49de5e0bda5815e9900e2030b

      SHA256

      57d9374ea22682b93df07c9285cbda4ec7221a7dea17789e729757bde6ec6a6d

      SHA512

      e8ca44b0db39091a0b5c592afecaf0f22bb478c7e9fd0d564628fa8d8f98a0dbb8c40b9185d0b6e16aa9f093b523d52c1ad64a6e64fec2229d39d6fcc59bc0e6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc10a8d9e76a5471b5f3c17e89f39cd3

      SHA1

      8aec479d09cee60dfc184a4ff428c084191e16ba

      SHA256

      b30641eaf905ef0671976debb69e018ffed9d72ba4770f1831ed7a9a9bbba724

      SHA512

      d9e68dc82f09e339a11d76d22ab34b903431cf436c59a98865feec2ebd34025b1b32f6fbf6ffe6aae535214ac2f6075f088c2ab7222e3dd3fcda3c1294707e26

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fefe27fbfdb2504144498f004a232c9c

      SHA1

      31d40b7b645caf71280cb251653db4f3fcb01e92

      SHA256

      ed112ae6c70180a152a4a87ab45314a459859a1e3977552c2ec3d3e12dbf3c5d

      SHA512

      8afc2c1354298d6470369aebda81067d9566a68d28d658d937885b72331dc39b03cb4cfd545a96d0db29cf823d0a646da0ac8bb7e737fe12cec2c564db3f9793

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eacfde16834b94413358f5b72cad4d7b

      SHA1

      fd0b104fd0bf37ccf972ae954266a2e9f0ce5cce

      SHA256

      885380253f6b6db48719c32cc2645364e876562d5a8509126c410fce86a37413

      SHA512

      d66a52d4de0d66675c2d3df91f0b67d9e7162892abf09752780582d14558d0c992116e69f2aab8465f72ea77f2c8f586c6b6f54b2b202d79894fd5749bd9c7c3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      568ce7066475cfb486a4205d575d629c

      SHA1

      bc77b22d72d819525fdb35b5eb627b567696a682

      SHA256

      a46eeb71c0d57b2dc5efe0d3844aa321c4c89f51566ba548c51552a98b50a202

      SHA512

      e4399b14fdb4ebb355eea50910696b9d993f8064be139b26d5d098f048686796a4d2f42cb010a57ee890d45cefeb9e553a17daaf15edd681537a315c40555226

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      df16be9df23502402b6b7e715e148349

      SHA1

      b1cd6ab8d6013c2d22e5a90a40e171667d8f90a4

      SHA256

      41215daa8076909b15ddd8e0771c75e9bed58514395a4acc0772bf0c5482ff92

      SHA512

      e537df3bda67e22d0e9c6e05fe97e2329700b93f235ade8a2a0cb1be54451646f188a7511c5e2f648e6721a6aad36880e81b9cd3e61d514d33e1286250cd3715

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2400cced11e4cf420c3931640c774ce

      SHA1

      88fa9c2eff8bf815160e12840437763ca9cd6c4c

      SHA256

      b21d4be3f94fab0911baf699aa0ede41419c65afcd16ce79e6bcbfcd9c2b5266

      SHA512

      ee33645d0b9279094e0c9e7d14923af9d1bd32f66da5a03c95b7eb8fcbeff9b5a1351633db5018e55dae53f3731e5e6fc21aa64a951877927cd14e99e5527767

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ad44c09e03742b62acccfd3b982f1693

      SHA1

      9d8aa779ae5e8d8990860a241118c962f9a39157

      SHA256

      9096c7ec9a22595390e89b2c8ca9fcb2f2f8a093e84a4cde0713d20a436d27ef

      SHA512

      c14c93c5d503d6c61de918aed2b83e098dd0e854a8005adb0bebcf36015b0b79669174908af7e30d1a0555626fc7a9440c0d0fb7481b6e73e55c2da84c0322fd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      77f5b2e3af78ea46cf5aea3d0a4e82f8

      SHA1

      4a735995e2df12e933ce61dc6c78fef21e08c2cd

      SHA256

      acfeb4f8705cb8aee396207aac129d1c385758940951c23da49de03fc36448bd

      SHA512

      35f215b9dd84ccb1f40426aeb65be5154ef2f10e96bf1a5864f3def7a9a9de32872e8376fba8fa1d441a6b13b18d7f73ffa3a5e653581905023582c792973282

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3b8d8667337e148ff402968d8659b33a

      SHA1

      bc27a8c03ecbee0051bd80a87b6f399607f228fc

      SHA256

      b96572159a164925bca5fa4638e07776632adbe9f9140191e693c99ca7fb010e

      SHA512

      93cc64b94750641a3264d5c592d3764e42d23dc78f6c02107fabcf808cfb22a4292c7ed3556e5032e560243528f3ce3933167df13de2a9f9be40e58c352c73f4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f96e0b15008e68bb6b4399b98942afc3

      SHA1

      cc88c554a2b28e37a3360502d8058362c70c6d62

      SHA256

      673c27d8a480663439b2ebe82d5a05991d9204e2928bece6359569a98f50f6af

      SHA512

      acb09e21054c50fc19ff84c32217a3bfc5a7adae505c113eb509e1868551a20ad2c60350abf8f669ce47d40b31cfb3706a95f7c1eafe672681a37a49823c42c9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f49ba9774e1ee9f8698fa8f35c3d7c00

      SHA1

      780d6e25df1388479f8b22ba4721b3597566c4c8

      SHA256

      853e63ff352d4e533bec29330d2bd83d745de2cb3fbc8bd8488abaf9b924e560

      SHA512

      d1ac3a79225e669668553a38bf73df75204639338749fa49fcaefee55d828f1e8f31552dc62266abcc4dcddd9543b4fdce9bb2b8f8471796406382d10fba21f8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      558bdc7ed71e5f145048d681bde4e83f

      SHA1

      cbf32e268d64e2f680bde8c228ec6980b3754406

      SHA256

      5bec561fb8f1f7dae25980359b8f0e396d70796d5d27d0ee171783c4cedfbe63

      SHA512

      a4d08704a5813732af47959b8f36296ee5a4d6f3a401cc36b7707e646218dd013baedeb23ee7cd54ebbcc437cc28769ad4dd021ef66d93096630e8689c36df7b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      02387e13ffc7b490e463e17b7e66248d

      SHA1

      81348eeda5f16cfba48a3be2b23a3941767f3645

      SHA256

      4ccc217310c7a8372204339f4e0e1ee0bbffde9028aeba1bed19a1c167b9f8f9

      SHA512

      f0cfaa2dace4a4810dfa173c4ea8b6e7c4416dc38a969d326e61313cd191017fca496d0f9cdfb406ac1e5c17308cac4a9f147dcca4075e14f5801f3513cdea18

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      991c2732678e398f2f8039af97b42463

      SHA1

      36cea8b655bf0354e46b62550ba844a7fb8d08b8

      SHA256

      8a8eed6ec63bd8385d1df2a9b78d7c05417db62b4c2e289c69c89ee334607fd0

      SHA512

      e881e565887d2c453be49d8cfbbce29318c71478de89071751a8b6e8c9a31c278fc434533a71a8c2dddc7029683a8b2b97a3856d5f9f78d7091ac70f51b8580b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      44455081f6ac17bf8deb9bcd4663deb0

      SHA1

      547e4eb5188e56fe88f67b3f5fa094d9ce890530

      SHA256

      9debc8531e3e266472c564f86031850422456424cb4df78a92897bf57dd06df9

      SHA512

      4c99ee0c06efe761b9c8c4d39388aff650998f391d48734489faa51a8cecc6330717030914212c130ad77ec013797b95d53f81808dcb8037f3edeca9e811b5d9

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLA24MAI\favicon[2].ico
      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    • C:\Users\Admin\AppData\Local\Temp\TarD3E8.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2096-7-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2096-8-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/2476-15-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/2476-17-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

    • memory/2476-19-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB