Analysis

  • max time kernel
    130s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 02:16

General

  • Target

    b149d45ec869d5abab4e9da24f6b15ed_JaffaCakes118.html

  • Size

    158KB

  • MD5

    b149d45ec869d5abab4e9da24f6b15ed

  • SHA1

    45639443d3e38054cead06f468091021fe3231a1

  • SHA256

    92e670ba377d185d258c0529ccb738147471c12723d596cc413b999318f29c43

  • SHA512

    421fb8230d1435388b36864ddababf418e2492a2c4bfc9b785522585c7877a600f4a4ac83ed24d8f226e13ddd678cb93ffd8fed33e8426710595cc395058405b

  • SSDEEP

    1536:i9RTxtzTwQTO7yefTuKc+kcJ6Va+zS9XVuomH6Ak1rPlrubP1RjKpmXJKYnCsmmL:ibS3sYyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (7 IoCs)

    Detects executables packed with the UPX open-source packer or a modified variant of it.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b149d45ec869d5abab4e9da24f6b15ed_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2192
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1424
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:1516
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:472074 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1500

Network

MITRE ATT&CK Enterprise v15

Downloads
