Analysis

  • max time kernel
    128s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 02:33

General

  • Target

    b15937b19b21839773b96cab47eed730_JaffaCakes118.html

  • Size

    155KB

  • MD5

    b15937b19b21839773b96cab47eed730

  • SHA1

    4b5b8393a59efdecc560ff90945d1df3201f2a54

  • SHA256

    b8a9d99e5fea5601939228b3d26618b5ae8dff2ccf080a49e03ae4dbb54871fd

  • SHA512

    ec16f9dc6c151dfb2dc861b015dc7265aaa9d14e3cafabfb7a23764255dfd50d2d047261e2b555feb030edd0bd6286c93e12ae58fbb68d29ca19ee57350d7871

  • SSDEEP

    1536:iJRToevw89+3G7yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:ivoK9OG7yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b15937b19b21839773b96cab47eed730_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3056
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2004
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1924
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:209943 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        PID:2324

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      69d268e7cbc1d0bcd6046afee9258664

      SHA1

      29354eb8e6dca437e1cde24a850167541077b023

      SHA256

      d3006ca691462e1f24ec9c95d83b21ea986c02bd3332986767c055ae8d2ae975

      SHA512

      ae070caeeb606977cdebcb857cc5fb7fa0c4a2adc27a3cf0dc133150bec7295549d4a1712d59a15972421cfd6793dae26fe62397815a975f2a54fdeec513d556

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a82f0d92a33a384aa4efd9c3ef1771c8

      SHA1

      e3e50ceb2d9ac48777e95e422791d2cdae5112e7

      SHA256

      ae051616f28a87f7a3fa36833e4e93cd578657af2974c4cdfab86afacad00ffb

      SHA512

      c0d318faa02dfb151481134848c3d8adfa1bc56b01e07bd0f82078b073c7e993a9fc4d7cc3bd10978d73d7d04aef8eb834ca7a23ccb6235cb6d617658704a184

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c05bca39768ce9538f3373d9f45da4f4

      SHA1

      535f26f422b869abf0b8024b5043df8b6af65722

      SHA256

      2c4915dc91b64b75271b1ad4aa95abdc0c540e6287288aeceeeceaf2cd74b960

      SHA512

      d75d2ee2b0b61dc710933f82d26a7e9ca705324bab11a6f687267c7b1ed8d157feda291d3dcb6488aa61e5210c87b9892a18a8761a45d05aae2c415bb1af3021

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      08621ac74997173012c03ba486191cf0

      SHA1

      ba30e9d66a93f30fdcafbea4fb2870f37b981b18

      SHA256

      5255fd185275902bb3559fb7097456f686e026dec3befbc0b9589a82b48da030

      SHA512

      b11936ba15a38910d54bd0b126dedd55d85305634d2b3f135275cc423b7cf24a627b4cc1a1c37c8bcfec3f72cba90cbbed12aec11bc4586f2524df6d052795f5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cfa041748ff0e77e5379a6fa8ef0663e

      SHA1

      43bbab8c890ac25a4c92a33043f0f1b5ce713109

      SHA256

      e03263de4cd18d618128fd4444257ddc001f85609a30492e19c332a78b138960

      SHA512

      423bf647027db84eb7d283739b9de9a979b7fb012ba4d99e13246828c14f53c33f9ba11af5ec3d70af63702ab986411f5ea1d296359595cf4b0b09301b17e450

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ef4cf0bee1f7548fdcf867aa14e01ec9

      SHA1

      63f3a4a25bc122625f922a999e1383cd5d7bc952

      SHA256

      4dce5ef96ef36cf7f3cad444133192ce80ff2a85970fd9183048bb9ed114959d

      SHA512

      095b4aa53123c325802265438049bb5bf9aa244c1d2fc2e5c14a3c719385fe166ae6a741adb921dda954f71bc49c9a98f8db85b928d7b509049a1dc3321076e6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1bc1d06a2345232e1e62ead111e3735f

      SHA1

      cea56b82bf581bdce397d0132501da943d5ec235

      SHA256

      76572d631d61ace789fa6fe63934eb77a41b1f315187d693f4be73d33c85e94e

      SHA512

      3b1309fa650eb5e8bababd572611691c6ab5711eda6e3bfe03d50ef982c6414231b4a4e70a82d9a6180cb859205e0e888c663f15ed024496ceffd37205bebc32

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f538a1353412d8d6cf14bad6e3727e17

      SHA1

      1b7079c5acc6d2a9e30073a2f08d5bfce70f315e

      SHA256

      016a7fc9f2a2e392d4f41d973e4cdb4c1eedf8146655b42fec90487bc3add2d7

      SHA512

      0cd65d4a0797fd6c223900606d73ba353cb9211c3fc506a41d3d839e18a0dc5824792e3d2bd5908534b658072090f89cdffb0a2460e194f06327e976a9b93161

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c61502b4f3cc5aacea0af158a522e2d6

      SHA1

      fbada761fb27f2952b2b94eb71dbba8ad44d942f

      SHA256

      45d3927d76a19383f754439302b9b584adcdcbbaadd97a0c11259898351d0744

      SHA512

      8d017ab5e6f803f70397b31a306172a5b9d0af55d84df8d6b9fa1cfdf7a997cf189a21c1dd98f4fb852757542819583e4c66d6e5bf31371c5afaa714de9f492d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f1ed9f7bab67053d33fd1b208854a762

      SHA1

      a004c239252c673ba9d357123246e7b013b271fe

      SHA256

      c4f6262302f92d37736cd1e8fa4c338c46f4a041b58a72b0b36fb7be82ebad5c

      SHA512

      417b2ad5e94204be4aac9fb24bcda591b950a05225190de072b64c2f2dc221809def73a142fbe10646adef8c2267eef89a81a96866e76608d5aa7c6166d9b43e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      71cf1ea394fcd7dae769ee36aa80e286

      SHA1

      5dad2c34e8da690ccbbbd77950a72e5f74001af6

      SHA256

      d3c5f188d045717c6cabe471cff07ed3ac30874b215f95c80816e4c53c6dbf89

      SHA512

      0b82d46c45feab70921f9c5e9046a02227847a33417ef7a6deae0a3f8c36bc466a866c1115278f5995e8eba670f7c7d7ed30d572ffe56bbf21e6ed1e5c424624

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5cc2d8a86ffdb14af2cd1a409b14636c

      SHA1

      1aec1e142b07cd1596b764b5aa520aa54e5fc2d5

      SHA256

      a6dfef2250777b11c200b0b1f657e759b7be1e4da5c445a54d63802b751702d4

      SHA512

      6b2f94efcc14770eebf4f47d6b38c1ff7998244a8d047e903d58e538c02c557290c8f6a5ca2f6a4b5c146a8393da8945452a34e8e394596c4f295976c3939680

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c37ddce5765757af5f561f54f4e553f6

      SHA1

      e13902eb36256feb779ee86b19cad388dc3d1a02

      SHA256

      cfb912710471e63d74f2ea2ba4ecbf7c93b858b047f50ad535805e404fa96b70

      SHA512

      d03c5e52fedf9235506bebe71f3e89f46a86a1dd71f17a297c5161f9503649737d76a18c84c2b37b1097c45224c500fbd6a62d8492d8eeb4b34558ad768df8ca

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f044fe32e46cd0ce9b5f56343b47780f

      SHA1

      0069b8a04839b6b346924ff3b1d1378c1e61cb3e

      SHA256

      58e548139e8276072c407296bf729c78e15bce32bc791b111b516c9646eda765

      SHA512

      8da0950512d562ed44709114a00bb0d5ab385176d6ae17c799f1225f5b265de1b256a71fd34cd797f45377a8559adb3df082af3dc2889d39115feca18fb6bc1c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      91b6fde6bc0f8bc91ea533b3c97e1b13

      SHA1

      9798fedf472490135d3601e381a8241b39789853

      SHA256

      d1b6a9f5b7d712304e1284941b19468e1063acb8904193315378ea3d664199a0

      SHA512

      b98cae83a6d676391dc0df4f1f557abf65639acb4c9358d34dee6d57d25db40c2243283c7012ed0e70d7b467464d29885d681ea34ca5205e35dc7ed0075a96f3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      03aeb16dd5834bb84d92d60d44853c0e

      SHA1

      c4c9c846a6c98703f3c7ba9d9d5a29420036dba6

      SHA256

      797e1db02efd1e57dc9ffbd7b5f5cc16e6aca3900db14e2273f70160111b23ac

      SHA512

      f0558221c2a1717cc137870b43f2efe64d15897f56f4823f4c8451a804baf91aa51c6e4efa1905dc14c075bbc9912cb999d1b0606648295e13f5e26c84675f74

    • C:\Users\Admin\AppData\Local\Temp\Cab21D3.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar24B9.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2004-491-0x00000000003C0000-0x00000000003C1000-memory.dmp

      Filesize

      4KB

    • memory/2004-493-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2004-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3056-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3056-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB