Analysis

  • max time kernel
    129s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 02:36

General

  • Target

    b15c05c04d0f3969ebd61a360ef4fee7_JaffaCakes118.html

  • Size

    150KB

  • MD5

    b15c05c04d0f3969ebd61a360ef4fee7

  • SHA1

    1304396a55b85cfbda6a886774aa31a844c7d712

  • SHA256

    d0697b119512ff2d14238bf0c44f564be103e953bd35c1280720abdd87ccff04

  • SHA512

    72776edaebd0eeac9a6ce6e4a71cf9d79d5132faaca07a7584f7fd8a41f7edc310716286186d01d9f01993e4e5769e9a898267ebd3b50cf76d996d1a5780adcf

  • SSDEEP

    1536:i3RTUB189zLyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:iZPLyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (5 IoCs)

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b15c05c04d0f3969ebd61a360ef4fee7_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3052
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3012
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1004
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:1864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:209944 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        PID:2912

Downloads

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1004-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1004-491-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1004-492-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1004-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3012-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/3012-483-0x0000000000240000-0x000000000024F000-memory.dmp

      Filesize

      60KB