Analysis

  • max time kernel
    145s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 02:44

General

  • Target

    b164ad65fbc78eea26727ccac8e94314_JaffaCakes118.html

  • Size

    176KB

  • MD5

    b164ad65fbc78eea26727ccac8e94314

  • SHA1

    87dac818c7b000a8fe7ae5f2ff25491bca1d8b6e

  • SHA256

    f62ca82f39c62a9c58912a7a08353ace0e1ff130dcb2c66445f495e957ef3096

  • SHA512

    4be829567e75fbdfca0957d18f70a24706e8f36cc8e1f1285e238b610ac308ae350bde97649364fe06ae5271d6e26232853f7c5cee6b89136b31bd2de358f8b8

  • SSDEEP

    3072:SjAryfkMY+BES09JXAnyrZalI+Y0Buv07w1GkjkjzB:SjAOsMYod+X3oI+Y0BuvuOGkgJ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX, including modified builds of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b164ad65fbc78eea26727ccac8e94314_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:352
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:352 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1724
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1144
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2496
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:352 CREDAT:603146 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3064

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a10a43bae2d6a5b9b6569d2347b27566

      SHA1

      9f09878e2f1152e4e37b5add950a58b07c69f292

      SHA256

      c1e7b13b6a918a55f981e8d244703cd0e71348909ba9affce65c1bb1ef95007a

      SHA512

      b1dfd73bf32ff8603f78412252d18fb80258e9e690c41c558f3c245c7fcacb911f540f4cb50c0822a391869cf408d320ffa4ab9cfa83eb351f2f127d395dce50

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6a7ffafdfb6184992b5012027dba6f8e

      SHA1

      60f2618a4ff4d7ab9062c17883fbc56c3ec86115

      SHA256

      2bea8e35bf66987497bf97b85d107eba4ed7fa57ccabba13eef4851f66a1b690

      SHA512

      68700099f0d4655598b6f1a5c9278ec9aa9e0240f163bebce2a49ebc82f2cf0bf4e0bb518f3cdc5af12ccc5d1dd14552eec8b969ba03a12a63471e45d4c8037d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      994ac6a05879b200f2f3356c3dcca7a9

      SHA1

      c3a9e903ed683957f02a60795ef146ba2f272884

      SHA256

      050f9a4d60f25d9662c85ea2f6164111a245295b7a1a8e1110ff16ed5e3945e4

      SHA512

      80bad4899fd586a87bf38a6e2118deae1450cbba248b955041cd236ac474f37cef814d17cf75dbd8b1740710d9afb5889f1cd92b77b04830a8d8f8592151ced7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      267787554d338a4a0a1a5f5b8501e55e

      SHA1

      eae56ee409212938bdfe8d80bd4079f6c1fd0cc9

      SHA256

      8e6ca9855d2be1b38914510cf2ffe9bad3983f22377863905efc3beff15c1938

      SHA512

      6f4cd3c5140fbef7ab917c0413760cb5a3f23becd38bab6d1b3e522e764b2ac07bc9c8a17de299cc44765386f710d34e36972ee3596130c9c2d053a9d7e928c4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8affff1c464eaf722622f91213ff03c7

      SHA1

      759b104ee6f18ce1a1aadea0d35e1039be9ef306

      SHA256

      222aeb56720a61943cf73afeda1856caa855dd3931ff4f8f5db0228a881f08b3

      SHA512

      562350ff5b7b49bda0ebe716ea9a61a595746ab055bf94e317ff2f446378b8def10ddfb4f102c3cd7e9f80f762eb9d4fe64e4d5f5d46894e2b4f36317f001431

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f2c638e27f2e9e377c778ae4d075a571

      SHA1

      a0eecd2e47fcbb267cbf47f830ecdbe53e2f744c

      SHA256

      6e1c51b020bc7491f553939272e104f02abfe54162ae03735beaad33b229c309

      SHA512

      5cd9ab5f20cc020a0021373cf90a13d3fcba094e908bb96a9f65c81e46df3acdc48c0f3c634edaaedf5c9366a1e5b3cdf93c2129ffdb6f54a410c2137a1d7766

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      25d4fab117a230ada48b87f756f9006d

      SHA1

      fbc02acdffd5b9f5d51115185d4985bb65e6eb01

      SHA256

      1459198dc2fd9eaf2b3a1d9904df42d75b14ee62b56814d88e2dff61c464a853

      SHA512

      7f48626240a601a17534dfa7f04d8824a512c07c4cb9ca411d4d755a29920df34559e9a4198ba76d4cd028cb93a9bdfb057f8d4b086ac68d55b78c91ffec02e9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c0b884fe28df304b84c88759b73a73d8

      SHA1

      57d6739bd8070890f1696aac31a49c4242b168c3

      SHA256

      f187aaa8eb4d58cd3f3381d381da9b0224174f578f1a7de20f7287052d0ee7b3

      SHA512

      c5a10a7fcbc59848c914ba04e74dbbe93a5ef073f207e92d9d6e836491b1e64f8289b95e2a851758becf34e6762fed687c12aa7acb02785c3f7c8139eef4db84

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      62c43a01e9f46796f282873880c294b2

      SHA1

      434732be902ea0869bcc687f18e3d2baafd9ac1f

      SHA256

      7cd04eec375f93529a1eda3052647d88101250bd1a937338039d854e30dc9501

      SHA512

      ce13229efa0ba5b2dae34b7574a8105e5ae383b3244c7967b1f83d4e355bb21ff08b11b6671fb9b14c3420d4ad61232ab3702165715890a327e6bca63214764c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6c661c84bcea37504696f19450665cc0

      SHA1

      749923031c9c1c963a1c716902a49046d8b4f999

      SHA256

      abd2058bcc946425e8b929f23615b5751ff087d8d5227c723144d28e603e589a

      SHA512

      560175ef1f87397c4fad605ac56e1964501f05340103f66c1afdac88e6dd891040857ce8d85bd88f51f6f2068c340dc949f8672a0d7ff4a6aae6a54badacf1bb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      86f6cc70baf2cb1a4d8457ab1012403f

      SHA1

      adf1c346976a92f5ec96139c674e73f83b4b9e41

      SHA256

      55f0b851e1ed56549c91f26e757ca0ebe7c09fdbd25e5d45e11d9470f3031c42

      SHA512

      5eaae9749b5f114c9fd228c289cc124486edcfdea35bea4219127bb019355efdeabf00c529ae2deee66676df27ceda2b494c9a79c4eafa2c0cc2aed40c77e671

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7422d1fb16ee64c8e0ce90fef7cad277

      SHA1

      7631f229bbd5196f5806f7c409b4fc0339ef8922

      SHA256

      fec199b16dc164586ee15ec4648cb3aa322d43ffe0c735e359d7139982930ba6

      SHA512

      8b2ef5de0c1eb5dd7a7670dd285e1ef883fa03685be723eaa082ca2269f3a22faa58df1272a79a53117871cd257a9c288ed3c5c01b7a1a90b4d1869b159c90e0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      81bb6139de9fd2078a12eea76d25b530

      SHA1

      1f2bad2844b71ebb19cd72c9243c07ca5057b12a

      SHA256

      7f5a5c8a1b4041f11cad914a0df0a8119e02a7641dffba0ae0ef158836bdabf1

      SHA512

      107384630e8fba60a61246842f875e6dc97330b750ee69d7f88c55871b8fc430ac08663c78cf0481244fbcdf36dec71cff091062576fa342868bc1afa4710c77

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      775c84425f3946765b941fb9d1af0b81

      SHA1

      66f050990551b8b0a9a695d8275b7ee907e43544

      SHA256

      938c434ea0810ee811f3e6f1c4b1f7fa34aeb5fab6a27271d25f2fb0bab9c8c7

      SHA512

      836849cce53abdc2a770ed876ac95ebd44ffc2e0fe28a1f5a88fb81f7ea15ef0d9e4898bada5233edce158e4b1682f591cc9870b79ff1692965a663aafb63b64

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      52c88e4580752e42b5af01ee39688a0d

      SHA1

      20e6afd2add6685961b6a33a9408741a5a8964d8

      SHA256

      956e1f487600e4d2705aba4a0217a0aaa7852c682bf48368d1b76537a921587b

      SHA512

      f012712019849229f45c536ee51f98fd49fc43a6d2a705bdf614a799747b228039748d34851802a38e5d8bb32df01d9582be87ffc2c35cb530b8bfcfd79ad67b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8e2ca9f2a39058d5ec913caa580247b3

      SHA1

      5a02b2aa61c46766d85d5c0de6eb3a6c75dade75

      SHA256

      25f9c71e1d1e79c769690ba55c0eaf7751409769351461ab8d9502512a5f109e

      SHA512

      e035be61341765db08be3ae3f09e9bce06214342c63576e08e3d82ad8fea356c0c3655abc53c239792b84c860bf7b63a1d3bbabe272b6f8341431bfb765f6d48

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      134164dc12d325c5a362e876d8629d04

      SHA1

      cc9cabb1d23fd3bc35dfbd7e78a52bfc656baf5b

      SHA256

      abfd1993bed7779205003e87430eae4a415d8c94ad97ec0ab83c5faa11f842fe

      SHA512

      888e970778ddaa7b8512388ef962eb8599021dddcf7b19430b70344a64b087626395687c80f366ba22280f53c521d811cde5af4da5d61dac0a5a501d9a193189

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7e1107353fbf077754f6af5ab58f93c3

      SHA1

      f14628dc0480e570d3881f7b109006d7d31c33c5

      SHA256

      7f44beb34241551b127c8cc04f79d371fd3e645cee45c23d51a1b66e0d78f94b

      SHA512

      9077b7933a5c1bc861c47ee85371122b49fe54bc9bc1b002dc4dc7a8ba692c4f61acc2c617aef4ef22e111a0fb73d6229b7f7833a5f54dff1d36358f15357a73

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      618f0bd9542d7d960fa2a3cb5b4c4cc6

      SHA1

      91b351e2329f0e184df66313ab2672996abe1234

      SHA256

      db42956b3569702c955696932bd001161ac3ef82c2ca0e8b8f456614f4f6d876

      SHA512

      a939b0c2f86b54282a6d9537a9d14e0787f08623a5a9d54abae40ca0cfda1fad7b2e45a594483a6c6b87ccdd4571928626ebf0fa0a064c1ee9c04c542f7ee71b

    • C:\Users\Admin\AppData\Local\Temp\CabBC5.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarC65.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      83KB

      MD5

      2a591a91440acc2cfabfd0221cfe1378

      SHA1

      add23a4e51dc5649984f56c235c48382f5c4f235

      SHA256

      2f37132fabb06650873ad3bd0b15d2c13596fc7be401c0ca05b443c9a227a44c

      SHA512

      3018caf86d187c14256deb92407157daf116720623c9ecd7d153c8456d4d1f9ec9b7a88db6db9a02f06367301af5d6c3d30e62f8ad04657fd651d4221a9287ac

    • memory/1144-447-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/1144-449-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/1144-450-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/1144-451-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1144-452-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/1724-445-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/1724-438-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB