Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 20:43

General

  • Target

    ab5fcbbe8e12c06daef8bba8e1bbac5d_JaffaCakes118.html

  • Size

    211KB

  • MD5

    ab5fcbbe8e12c06daef8bba8e1bbac5d

  • SHA1

    98e04d4334ba7c7918d561453e53d8a41190604c

  • SHA256

    7edb047be10e29cf85ec1ecda0fb7c67f7287b477986c9a8e67a4d75daec4767

  • SHA512

    11624df7b31b1b6a82cb0be160c12cc872db9b659827e5783f48acc40b033e781d7d09fc712a05eea4e38252540b59b1ad2a7deb7394923568d122d0c80bc269

  • SSDEEP

    3072:TkyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:TpsMYod+X3oI+YS1tA8

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that comprises viruses, worms, and Trojans.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wininit.exe
    wininit.exe
    1⤵
      PID:376
      • C:\Windows\system32\services.exe
        C:\Windows\system32\services.exe
        2⤵
          PID:480
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            3⤵
              PID:600
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                4⤵
                  PID:1636
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k RPCSS
            3⤵
              PID:680
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            3⤵
              PID:756
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            3⤵
              PID:816
              • C:\Windows\system32\Dwm.exe
                "C:\Windows\system32\Dwm.exe"
                4⤵
                  PID:1172
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs
            3⤵
              PID:852
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalService
            3⤵
              PID:964
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            3⤵
              PID:112
          • C:\Windows\System32\spoolsv.exe
            C:\Windows\System32\spoolsv.exe
            3⤵
              PID:352
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            3⤵
              PID:1072
          • C:\Windows\system32\taskhost.exe
            "taskhost.exe"
            3⤵
              PID:1092
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            3⤵
              PID:2032
          • C:\Windows\system32\sppsvc.exe
            C:\Windows\system32\sppsvc.exe
            3⤵
              PID:2156
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        2⤵
          PID:496
      • C:\Windows\system32\lsm.exe
        C:\Windows\system32\lsm.exe
        2⤵
          PID:504
  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
      PID:400
  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:436
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1196
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab5fcbbe8e12c06daef8bba8e1bbac5d_JaffaCakes118.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
          PID:1956
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
            3⤵
            • Loads dropped DLL
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
              PID:2392
              • C:\Users\Admin\AppData\Local\Temp\svchost.exe
                "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
                4⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: MapViewOfSection
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                  PID:2544

Network

MITRE ATT&CK Matrix (ATT&CK v13)


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 0748a7b24123ba1f0c671577b58dc07e
    SHA1: bf6ea8618b5ce7d035691b5ff4e612656fbafbfa
    SHA256: b2f7b4d22446aa6604fdaa4426ece31174caef10222b6705c8c3bc78936fdd4b
    SHA512: b0b82a67d99516bc3506cdb216eb0cbc87143783075369a7a74ed1ef22c7ffc5b52fd7ba4ea787139296f7bfd594689252c2ff3dd94307af0b9737bfd726dcd3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 986377b1b54b2194cf509ee85df6ebea
    SHA1: b3c5ed61ad3af661a4c733452f59139820fce394
    SHA256: 54c4e24bb3505619d8f9306434ece0d824e6ec9358c47246e9077c77032ffd80
    SHA512: 6ba7ccda2fa053ed63d3aec4ad198d7503588aac900463b8ca3472e1cb41dfecbdd39c827bf75805077a9e57ef6429d86aa91ebca99b1711b61708ca9f9cdc2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 67da71085f139e756a721464ecb01bd8
    SHA1: ff3cda899505920159819028f8f17588537c926b
    SHA256: 1650c62d69a3ac42488e63d498e57fbb63bd9c647bf0c4336a73a40adf8c3db0
    SHA512: 975ed6b035414fa691f713962779d5823926d0d0492480713718657187155ff0c44ff3bb06f34b689907a0880252020b297f47fcbb9872ffd97cf224c2940325

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: f906b378ce2f691ed0614590549f8c18
    SHA1: 0afbd1b912067bca30793034a5b2519cec524440
    SHA256: 1dc743a00abd9e05c91f87d6c7b51bb346c8ca895ceff8e47a2f067d67ae5b53
    SHA512: d70f386f81c51e7ff0c9016aadd10fd5564b8d70923f0fe7961efd22e23ed50687eb6ca5500215d2f82ae453ad3ea4b366c62ab93eb1fbaea1ecdcbc7da85e42

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 9049a31a48acc9a78c82bafcfd22a695
    SHA1: 2e0dd293052efc1591c10a8b065f2d3a0ec08d48
    SHA256: 04fb41b64677ab35ca73f7bf0213e6ae9d99cf588355b1f58768e9f3ead7314f
    SHA512: 08f0dae6faf646bd3ed09801551cb0739c48fcc589853a4d7cb266f8784475b42568579312ce07c506395cc04183b6471be2a0339f39e5293aafc7e991581d4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 2cf28f8317e3a6920556a6245e67420e
    SHA1: 21c043450334e9e1ddbfab50314f1bb6562a6d21
    SHA256: f019f30c6fc249d1773976e2e28fa07cf7bdb05875575847c7c73fba2844d777
    SHA512: 6e748f421846a726455b8edd63fe11858733588de4551dd823067e3bf9dff2e2c62564505498e7364280f6cbf2379b2e8bf762d35269eea0d48dfc804f6280cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 1a72bdd171f2a3cc9beb204e88fedb5f
    SHA1: 042169c82f5cff3ac0c3cb23ad7b3f62977ba899
    SHA256: 7b069cec161c8bb1cd8c48770b6bf18856e314dadaa81f9431762aaf23d16b8d
    SHA512: 33de0253b7ef395bc7c81b5fb36153c3a69107de68b6e96695e28c84c6d059fe2ac83a5b678aa9466fc69ebeb6a372a8b30f8951b5bf876598d4cdbad762e457

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: faf710010e4852c1464c4c40b61c1d99
    SHA1: b68df2063fa536e807d9c7c50f9d6fa655c549e9
    SHA256: e7b597a88acfb0908844e1a1948a9ec4ba024fe419a23a3b98a69a81f2239c91
    SHA512: 8f6607221751fb4c648f47c1bedd5deb62653f9a9f94712b91ff3c5380c2eb4934651fc03e36d9a1d6dab10e9fa2f9ba32ffa538116ba7b851188a890b4363cd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 7f672269040ab28a062d50e933948d01
    SHA1: 82a3aeb54d70d2265b985842fce46c1a4d1ba03e
    SHA256: ce1c56ce382cf7c31ea63e728c341cec9f1b4c9fd126b26db88304256221557b
    SHA512: a846ca46655b4510d1e1be436d39513632b0c8ed738b7e210fe79c5cf7e411d1bf4a21a54c536fe8113bfe554807db98b98d0d0a62eb78488e83865b1ab0b7cd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ffa4dc6a13738500ce7aad9d2ff6d8e3
    SHA1: 16c1e4dbcceeac0512d87b76187a8ec30837ceb5
    SHA256: 455540344b184bc89611c1078ab17b8bf3eafd98fe53728c7913fa7f89263049
    SHA512: 83bb4b122777f2177c99e67d07ded4c8cc7ccf9b443fe00267463a1ca3250ee584e56e3e4e441f055e47940f558f797f99ea5b275dd9fd8243ec40cf2fd76fad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5a24a28f5884627d05e0a1944e703dbf
    SHA1: b58a6b2a83a5976188d25e8516fbd48f147f8f63
    SHA256: b2b441ace58d07ee82e68884386a5fd342ff19e5e529bdf0a5a4d1ea30dd7c66
    SHA512: e32d4172f91d0208fdcc70e995fdba1285e3e8b9e90af4ca31fd556ccfb98dccc7fd2027a9f644817539dd937d0ab2c50482957c1dc883f30e5a1d63dcd830c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 221ecc242530ec1a453d79e0152d18db
    SHA1: 6106d306deeac5334d389760bfc732bb7e811f6b
    SHA256: 989a11136c13ff41e5251c3603ff7b5644970818d4b9140d0ae58806b5a47a45
    SHA512: 46d552e7a532cc074d9c721fec97847ebdf7d42bae703e4e2812d1e6c2e6e47824b777674fff7ff1f7093d7c6256ba35befab3f3213d3f5c1775bd1812eed426

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5b0b552bb1d9ca67083cf1d792a68ab7
    SHA1: 2b08e2b3c0367920a7c11a149e9300d883e1afca
    SHA256: 51e9cd938f3e21f75afae0e0dc0e3042286a3e38e02034229ff7fdbfa6e5ac53
    SHA512: 011c084e7d6f3f5a7312a2c30dc628f048620fb8e1801f1da72f0eed57cc1d28a898b50e7c643a3170a684a6b152d100fe4c96305d3404c17b25a1acf62c5098

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e22adb680e859854aa666356bbb3dcc6
    SHA1: cc9b542b05c7611fa2c7cccb3fb94ecf35971a0a
    SHA256: f2769f0aa4e4effa837a0cf0386fd414fc8b99899b18f4de55c95bd22582636c
    SHA512: a61aad1e3ca2ca3fde2fec20bd0ad39dd9a745115c64b3e71890719189230394ef1ef7a74024bc9d64e7a4dd89a8524c4fe96f7115edf8e661c08fecb1923372

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b5326906fb3a7de41f4b4b119eab3186
    SHA1: 4edd38bf192c4f8541af8b08530dd6d72c5f696c
    SHA256: 3278cc35be95886cc83a70dbb6c07ecc9829d9f7a58ead79e713b8b2e15cf866
    SHA512: e17a46f57838ebd336f82031f9c822512804dce1e44f6286f713a0312c84f6516ab4bf860271f13a387baf889570061c4544b8f90dbda2d0b93fbf126c94b9d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 4aa1af661c52c5dcf5ebcbdd715161ae
    SHA1: 096b1132573dbf5a47760b27bf78cfc41403b68e
    SHA256: 8ea9f68e711ac44554999e6528489dbc15a9640bd60eeb19ec64e5165f31b5bf
    SHA512: ebf769a8ec266900b4333bb6311e1a6a4feff2c4fac5b48a71512ef1c207cd889e683b81c51a21c9467a712aff91d701de839acd65c30bf2ea52f1f38d4ac40d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 0600ebed4c344ffadb98f191c465ff67
    SHA1: cfad62fa669d91b6c815de20c64b06c1d8ded62f
    SHA256: b4744f3235fcabc74c09e35001b5d042e8bae54289d28a47f396fc463273f868
    SHA512: 348423d707ac740412519cd0e2165f2595be51743810e23733d3dc2d03071f03d542026f1959fe0374ad4be92898d02f1d218b266e73f56c453ce8cf7364e21b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ed8fc52a0a59f9f131c0372072c11fbe
    SHA1: ee34ea567797dca9c963a3ea2a0922984e596ec7
    SHA256: 59442778ac8d72c9b79f36931878df1d69a407a27dc3c5195b6ec6a96f1a3850
    SHA512: 08e40cc117e0b5f73c67a856e15a59cc96b0c06387f35c05aa2d722823d8c275462daf445fe11b977d141ab55f393de7c4011e700d72a17a88826a388c53b0cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 6230a78a7494fa720c9de7e95f0c3800
    SHA1: 76f3ceb132de26489b21c586cc0dad21ecbea5dc
    SHA256: ea6c1fdf89bdaf9b4a68603a8c485222ec32cdf1174199369ff5a51fadbb5e72
    SHA512: b15aac27542eb41063f76ae7d1b15d103ed135ae185b5413a564f41231339dbf417e070261b4381986140f2c3e4b895b4258b5216ce8ef97546a46c226080fe8

  • C:\Users\Admin\AppData\Local\Temp\Cab3334.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar3415.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\svchost.exe
    Filesize: 84KB
    MD5: df455f0fa8fb3fa4e6699ad57ef54db6
    SHA1: 51a06248c251d614d3a81ac9d842ba807204d17c
    SHA256: 15068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1
    SHA512: f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6

  • memory/2544-7-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize: 216KB

  • memory/2544-8-0x0000000077B40000-0x0000000077B41000-memory.dmp
    Filesize: 4KB

  • memory/2544-9-0x0000000077B3F000-0x0000000077B40000-memory.dmp
    Filesize: 4KB

  • memory/2544-12-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize: 216KB

  • memory/2544-11-0x0000000000250000-0x000000000025F000-memory.dmp
    Filesize: 60KB