Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 20:53

General

  • Target

    ab68cd5e476eb79f8fa0c25f32ad5483_JaffaCakes118.html

  • Size

    155KB

  • MD5

    ab68cd5e476eb79f8fa0c25f32ad5483

  • SHA1

    670ef1e06b3232b1ead317bfa92b713b92d8c839

  • SHA256

    9818192a9e564e8f208da3b1fd4ed878b2372e9725705057670f6c5cff66f086

  • SHA512

    71c9ae47e3ee4e9122f96ea3150987d109d60dfe21e8b34669052e35f7820cc578c2d8ee00e821107cdbeb19ea82ab517fc23eafb5e9bd82dc474e51b5375e62

  • SSDEEP

    1536:i5RT8R0niTIkH3yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:ifiIM3yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a long-lived, versatile malware family spanning file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab68cd5e476eb79f8fa0c25f32ad5483_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3044
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1960
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1504
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:406542 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1976
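The process tree above is the whole story of this sample: the HTML opens in iexplore.exe, the child IE tab process drops and runs svchost.exe from the user's Temp directory, that binary writes DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe then starts a fresh iexplore.exe (WriteProcessMemory is flagged on PID 1504, consistent with using that browser as an injection host). The following is an added example, the editor's own triage code and not the sandbox's signature logic: it transcribes the tree exactly as listed (PIDs, parent links from the nesting, command lines) and runs four rules over it. The rule names, the list of user-writable directories, and the choice of "browser or explorer.exe" as the only expected parents of a browser are the editor's assumptions.

```python
"""Triage rules run over the process tree in this report.

Added example (editor's code, not the sandbox's signature logic). The tree
below is transcribed from the Processes section above; parent links follow
the report's nesting (1 -> 2 -> 3 -> 4 -> 5). Rule names and thresholds are
the editor's own assumptions.
"""
import re

# (pid, parent_pid, command line) transcribed from the report above.
PROCESS_TREE = [
    (2204, None, r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ab68cd5e476eb79f8fa0c25f32ad5483_JaffaCakes118.html'),
    (3044, 2204, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2'),
    (1960, 3044, r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'),
    (1504, 1960, r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'),
    (1968, 1504, r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    (1976, 2204, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:406542 /prefetch:2'),
]

BROWSERS = {"iexplore.exe"}
# Directories a standard user can write to (assumed list); an executable
# launched from one of these by a browser is the classic drive-by drop.
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public")
# Second-stage path exactly as the report shows it.
RAMNIT_PATH = r"c:\program files (x86)\microsoft\desktoplayer.exe"


def image_path(cmdline):
    """Executable path from a command line: the quoted token if present, else the first token."""
    m = re.match(r'\s*"([^"]+)"', cmdline)
    return m.group(1) if m else cmdline.split()[0]


def basename(path):
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def chain(tree, pid):
    """PIDs from the root of the tree down to pid (its ancestry)."""
    parent_of = {p: pp for p, pp, _ in tree}
    out = []
    while pid is not None:
        out.append(pid)
        pid = parent_of.get(pid)
    return out[::-1]


def triage(tree):
    """Return (pid, rule, detail) findings for the chain shown in the report."""
    cmd_of = {p: c for p, _, c in tree}
    findings = []
    for pid, ppid, cmd in tree:
        path = image_path(cmd)
        low = path.lower()
        name = basename(path)
        parent = basename(image_path(cmd_of[ppid])) if ppid in cmd_of else None

        # Rule 1: a binary named like the Windows service host running outside System32.
        if name == "svchost.exe" and not low.startswith("c:\\windows\\system32\\"):
            findings.append((pid, "masquerading_svchost", path))
        # Rule 2: a browser launching an executable from a user-writable directory.
        if parent in BROWSERS and any(d in low for d in USER_WRITABLE):
            findings.append((pid, "browser_dropped_exe", f"{parent} -> {path}"))
        # Rule 3: the DesktopLayer.exe drop path listed in this report.
        if low == RAMNIT_PATH:
            findings.append((pid, "ramnit_desktoplayer", path))
        # Rule 4: a browser started by something other than a browser or the shell.
        # Here DesktopLayer.exe starts iexplore.exe, and the report flags
        # WriteProcessMemory on PID 1504, consistent with an injection host.
        if name in BROWSERS and parent is not None and parent not in (BROWSERS | {"explorer.exe"}):
            findings.append((pid, "unexpected_browser_parent", f"{parent} -> {name}"))
    return findings


if __name__ == "__main__":
    for pid, rule, detail in triage(PROCESS_TREE):
        print(f"PID {pid:>5}  {rule:<26} {detail}")
        print("        ancestry:", " -> ".join(map(str, chain(PROCESS_TREE, pid))))
```

Run as-is it reports four findings: PID 1960 trips both the svchost masquerade and the browser-dropped-executable rule, PID 1504 matches the DesktopLayer.exe path, and PID 1968 is a browser whose parent is not a browser. The two SCODEF/CREDAT children (3044, 1976) are ordinary IE tab processes and produce nothing, which is the behaviour you want from rules meant to run across a fleet of endpoint telemetry rather than only on this one sample.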

    Network

    MITRE ATT&CK Matrix (ATT&CK v13)

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c99f94e9c7ac921a97d85de2abbb1872

      SHA1

      ad32fa49042ae123ab25a44bb9ac59671f58c9e3

      SHA256

      a4721cb6d8d905e7387018dd5c40935b2fd8436dcc02a72e0851cff73995e3a8

      SHA512

      8d0de70d91b4f1f0cc9a0fcbbc9a7060f99bb35c284d14a7be95ae6aff5e6d43acea1c5b1a838e0cc13e1a50d533b679ba88da9cffd03ba06c5ef01fd392f73b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a5f182fce5b810c1c4868678a46d3d17

      SHA1

      ab2050b1cee09a2012a369c2eb5b669ad797242f

      SHA256

      e0109bfa9b170d9f5ff736098a9182beceba79b8d76e0e5fbd8a7c5cd71fdde4

      SHA512

      6e0d0202e1649f19a2355725689008255d4b2cdd79d29eaf5d67a52f9b56e9cc902a4e6213003858f644ae5007819c3906cd7a339dfed06fbeb53690a1380b37

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      17016fa64ad7b789e3cef1c56458f10e

      SHA1

      545553ffaebf5528fee47f1bef68f85955240d60

      SHA256

      58d1a6e2ead320d45241d498693dfd2fe0e635f857a9faedb7d370ac5f1523c7

      SHA512

      7b282a65b3cb680f71c983f29eb1f9ef7ac9ff7f390286ed85ad6c8eed5e0213f97f33f5a7ba7749e0bce00e06cfbe204818032773ff524c5801a2721fea8b62

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b246d5ea28dc73e2b89f270892e5fc10

      SHA1

      0c96de832b6d1a1739556565d1a38eb02b5f8c77

      SHA256

      70b64d6e7b0db27b5030bc48108872c501328dada37b2311277b470e7d581116

      SHA512

      ab33f9de8a0f323f52b41cb115b6d7d83984e308c9bde888747b4a8a6bc9941092009e19355bf1a40369f3faeb458e39218cdddb29405148510b019f9f31456d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f494067bc594eb3cda7e2c2ddad70cef

      SHA1

      26fb5f1dfa92839e0b1e098fdfde1efd369ad184

      SHA256

      044563e68937581c0bbe723c08c59e8a6dcb0ffda6765b89a4669306ee3def1c

      SHA512

      f4e728acc43ff7a1c0a60f45e2834197565aadb11828a2d843fca0dbc0f8edf504aff4720acc14669b9bc64215ff95d0ff15558c87bba67e5e5ec2ca7403858a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ce7edf459dc89375b94548a219159d04

      SHA1

      7702b4e5db164a30a69d7773c45bf3125d854714

      SHA256

      c45fb0066ad360161095e05e389d3e407ac67c9e22dab6879d70e079b832d9f8

      SHA512

      eb769034da4ed69c7bda32233be354d4f2b3a07d8000a92934f937472f7fb1bade574ff8018514379a9ad90d8fc00dc4824077ebd06dd45d77a56398bcd7623d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      922821d76764c7ca9031fb6a7c15d22a

      SHA1

      3e73ea9fe4da987279d8a60361d14507e9905faa

      SHA256

      36f0a53f2715777552725e1eb3ba7abef83504680b1af3a4ed0747ec0c83bbf2

      SHA512

      a5b4e8ae997362971483ab7afd3d7edd0bb4136abfd8c76a44e0470b4be7ab5d64188d8827f71b9ba180d48a138acf87b9bc0c627cce0b5ab3dbfb6999181e9e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cc32387386771d195132b3823a6e1972

      SHA1

      4ae082c7d07d11bc071c209e36170460da293a08

      SHA256

      55044206a39b10afbbc6055266b200ff8f306e5911708aed964cacc3d65b2489

      SHA512

      c9f1fa70fa4570cebacbdf93d5fa3c26d46668eb3c3082286b97b2702f243072a2492dd11a252d4377dffa535e4a7ea866e37e5b81cc56a0b5c5df0f747d3019

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      03f1cf90361c7bdac25079840d77fa8f

      SHA1

      3a1a3534aa48f95a1dafee2b634a9cefe72f75f3

      SHA256

      f5931463e8f0efdce887216e303fa7e821801b0bc3e3af9f7da069b9efb4309c

      SHA512

      13e327086672fc15bc5c9c9f994b0e44718f014005f7b814f43b2ef15ce5058c1fe14c15a159ac4490ceac736e29ff4e0faf9f51ae556504e08f0dc199f6bdf2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      99df9345383a8c055094dfa1bb8b7306

      SHA1

      2d307e6e08dbd0ca7a5ed6134185f81920238529

      SHA256

      0ca5d91dcfe34dc4b6af71b227b6327cfc9a9950ac57184dc447b5c648d04cbe

      SHA512

      9726937883b7f6260d003579951677203ba070cda75d4189ac5708beb42ff5840d2500454f36319dbbe0d49ea06e519caaefd26ae63e126b6a44b4afba62979f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      378d94064d001d68c78c728a55cc063f

      SHA1

      d24d1b3ccfd3f1ee5f1e11990012b22dea347b83

      SHA256

      0b4f418e085b0b432732de8ba23d8ff1f7edc9cb162cee0e53822a08ed9aa2be

      SHA512

      89a7af92986c9f4ed896cbd06023ea342de9419256ad7ab88e97dc6b7a5880a097bb046f4dac1d9d61fdb48cbea20d9e7fdff2a602fa443595e4ca9d62fff0af

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ade73a8117deeba25367c6ed4d93f42e

      SHA1

      6d435fd57a5784f0bcee56fbaafe058e3f7d40ec

      SHA256

      b3e55e94723c9cccfad0d16a5e5382c81d384d2af43b141149b7f0aac9f50923

      SHA512

      2262e3fa42f253ae60bc20bb5ef5e5def560f982aed362258d7f9ed7a52676445994db7d462bdab12852df1ebef72c783c94b33ce904930a68267e555e2f95c3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      baf7008e565d0b70dc11b280804deae3

      SHA1

      c1c8b5fdb12fc5b881c68cea1b10a9bcd924b333

      SHA256

      c083bde6d1036012adadc596f814ee5a1345c15e4369108b4be1e9424e2a445b

      SHA512

      3eb0a597eac8f62b5563e1498c93e025b3a06d800356ec1e3e28d0d630b62c3d6e60d7848b15ada47a7210b84952954ee9bd73eead9bb433a36affd68856e9cb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1018a86e217066c72b63883e514b3142

      SHA1

      9630cbdc09b5ef7e36e4bee98484a30a178b54db

      SHA256

      8b128926570d636db6aa42c8d7d4f29ecb0696e0760d6c13456abffaa472c031

      SHA512

      09775be7944f7de3280feb1945a75fa8dc12e12791aa08d9e124aee09426435dcaa789a0c96477424f71a346afb3363782ab30ee59c16779d9f44e4871014198

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5734a3e9aa3f7b0ab8bf2dd3a2c2f40e

      SHA1

      012b0f6ca024461e2f3d22da352232a209451a03

      SHA256

      ddc9132c893c58f3757b7e66a4329c92cc496d6588df71f7b98169c20b3ec6e3

      SHA512

      9ac298eb6589fbf8bd3bd9fc8a8ed2bfb0a6a42c972583d04c73d45cdb546d521ca16b57c97edd0e50ebe8c633f9ff9952b19e938fb7339dc30476fbccdd5f1e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      48b2e48221762c3947fd2ecb9c3f0eec

      SHA1

      fac88bc023937e963035dda083f54df2fcd8c0c4

      SHA256

      d998de42389f14ab6977b535c0ec6572672c1ed6dfb648f1253f1a231f74a69e

      SHA512

      4a40b78271a1a64e5ae29088c437bbf656de6811ac9248b05da6ea87c5e1a6dc3ff5af6308d3fef953cae5b45949ec134ac837dbf9e8a19eca994e5135dbdce6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1a70d1fad43d275a81332cea9fddd8cd

      SHA1

      23e38064e463f7792e241759df254dad78d2a435

      SHA256

      6c3d5ad836f57df71af9e0c305f2ccde500f42f8cbf4b1449b6df07bb4c95274

      SHA512

      3a0d07749ee12fc7a2f56932fe7b5e2e79f308e66e7f06c9a2e8556beeb6764aa169eaa911a515d2f1b2e04bc33a194fa4a58aaf8478585fa390bdb95a31dc98

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      36de0267774e6df87058437df6e53288

      SHA1

      fd61faa49674091f1572a94ca0e996a5b4bbe236

      SHA256

      ba9e5d9b56e9d4d948262bc5022d5a910ff4a6208922029e14f23e1d14416ec6

      SHA512

      e49d04d8cf8ebeb17158a1c6c0bfb6403008a5608d428b81ac3556d8d726fbc9ebcde5f6c4e317830051455125087a0ab1f74eac23265540b82323a9a5317338

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6537fa857ae8029f7e14150de415df0d

      SHA1

      d78eb0feae7cdb46b1ceef7b80c2bb768d18a8b6

      SHA256

      02ffd54a67cad61d9f180c79467ab7c8c7bb1def6ca4cd9297beca11f9a364a8

      SHA512

      2a90ece5fd37d8b17424e80db7f37648599b3bcd8359937942c9c0c70b6730417feba80947cba1cc88fa8661519fcc99a23381c6a1898e0b59eecc0fa2e1065d

    • C:\Users\Admin\AppData\Local\Temp\Cab2C7F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar2D60.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1504-491-0x0000000000250000-0x0000000000251000-memory.dmp
      Filesize

      4KB

    • memory/1504-493-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1504-489-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB

    • memory/1960-483-0x0000000000230000-0x000000000023F000-memory.dmp
      Filesize

      60KB

    • memory/1960-482-0x0000000000400000-0x000000000042E000-memory.dmp
      Filesize

      184KB
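Most of the Downloads list is noise: the CryptnetUrlCache entries and the Cab/Tar temp files are what Windows CryptoAPI leaves behind while IE checks certificate chains, and only the Temp\svchost.exe entry is a payload worth hunting on. The memory entries are worth a second look too: the 0x400000 to 0x42E000 range is dumped from both PID 1960 (svchost.exe) and PID 1504 (DesktopLayer.exe). The following is an added example, the editor's own code and not sandbox output: it transcribes a subset of the entries above, buckets each by likely origin, emits the payload IoCs, checks each memory entry's printed size against its address range, and lists ranges shared by more than one PID. Treating the CryptnetUrlCache and Cab/Tar files as CryptoAPI noise is the editor's assumption about their origin; the report itself only lists them.

```python
"""Separate the dropped payload from sandbox noise in this report's Downloads list.

Added example (editor's code, not the sandbox's output). Entries below are a
subset transcribed from the Downloads section above. Classifying the
CryptnetUrlCache and Cab/Tar temp files as CryptoAPI certificate-chain noise
is the editor's assumption, not something the report states.
"""
import re

# (path, size as printed in the report, SHA256 or None for memory dumps)
ARTIFACTS = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015", "70KB",
     "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015", "342B",
     "a4721cb6d8d905e7387018dd5c40935b2fd8436dcc02a72e0851cff73995e3a8"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab2C7F.tmp", "65KB",
     "c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar2D60.tmp", "181KB",
     "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
    (r"\Users\Admin\AppData\Local\Temp\svchost.exe", "55KB",
     "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320"),
    ("memory/1504-493-0x0000000000400000-0x000000000042E000-memory.dmp", "184KB", None),
    ("memory/1960-483-0x0000000000230000-0x000000000023F000-memory.dmp", "60KB", None),
    ("memory/1960-482-0x0000000000400000-0x000000000042E000-memory.dmp", "184KB", None),
]

MEM_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def classify(path):
    """Bucket a Downloads entry by its likely origin."""
    low = path.lower()
    if MEM_RE.match(path):
        return "memory_region"
    if "\\cryptneturlcache\\" in low:
        return "capi_cache"      # CryptoAPI CRL/CTL URL cache written during certificate checks (assumption)
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]{4}\.tmp$", low):
        return "capi_tmp"        # Cab/Tar temp pair typical of CryptoAPI unpacking a .cab (assumption)
    if low.endswith(".exe") and "\\temp\\" in low:
        return "dropped_payload"
    return "other"


def payload_iocs(artifacts):
    """path -> SHA256 for the entries worth blocking or hunting on."""
    return {p: h for p, _, h in artifacts if classify(p) == "dropped_payload"}


def region(path):
    """(pid, start, end) parsed from a memory dump entry name."""
    m = MEM_RE.match(path)
    return int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)


def size_mismatches(artifacts):
    """Memory entries whose printed size (in KB) disagrees with the address range."""
    bad = []
    for p, label, _ in artifacts:
        if classify(p) != "memory_region":
            continue
        _, start, end = region(p)
        if (end - start) // 1024 != int(label.rstrip("KB")):
            bad.append(p)
    return bad


def shared_regions(artifacts):
    """Address ranges dumped from more than one PID: (start, end) -> sorted PIDs."""
    pids = {}
    for p, _, _ in artifacts:
        if classify(p) == "memory_region":
            pid, start, end = region(p)
            pids.setdefault((start, end), set()).add(pid)
    return {k: sorted(v) for k, v in pids.items() if len(v) > 1}


if __name__ == "__main__":
    for p, _, _ in ARTIFACTS:
        print(f"{classify(p):<16} {p}")
    print("IoCs:", payload_iocs(ARTIFACTS))
    print("size mismatches:", size_mismatches(ARTIFACTS))
    print("shared ranges:", {(hex(s), hex(e)): v for (s, e), v in shared_regions(ARTIFACTS).items()})
```

The size check confirms the report's figures (0x42E000 minus 0x400000 is 0x2E000, exactly 184 KB; 0x23F000 minus 0x230000 is 60 KB). The shared-range output shows the same 0x400000 to 0x42E000 image mapped in both PID 1960 and PID 1504, which is consistent with DesktopLayer.exe being a copy of the dropped svchost.exe; the report gives no hash for DesktopLayer.exe, so that remains an inference until the file is pulled and hashed.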