Analysis

  • max time kernel
    139s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 02:52

General

  • Target

    b16bd817143dd8f5454022ee372d1e1e_JaffaCakes118.html

  • Size

    126KB

  • MD5

    b16bd817143dd8f5454022ee372d1e1e

  • SHA1

    85235e9ec58f8d5613f14607083a763088d64686

  • SHA256

    f1354f6d8b890f98ba7234e2aacec5189b1b668c669eed7b585835d96913eba4

  • SHA512

    9fa36613e9cbfbf0ef2df170f45fd3fb87c57b22b4474ca4ba4a18d08bebda1c20efad792a953721dab7ae94a7359626e74b898bca497a726c27b202b2c96b4b

  • SSDEEP

    1536:SFwlssyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:SFwyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b16bd817143dd8f5454022ee372d1e1e_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2320
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:820
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1812
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275470 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2840

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bff981b22b448bcf50ee6dc94029707b

      SHA1

      fa81c04f7ffda873c46b6e4f044a4ef0b2535dff

      SHA256

      d3d0cb44b836b795c96bf217093de3c91aa92c05a7455916fd9ce581a5a95d5f

      SHA512

      74eee4e76d7e15dc13e6aacca89b9292116c42b6a2eb55d7f430d247ff996315f1ec6ec8f15021fbe0d1c2a200cbf47fae9f3d840f7f8785110415fa27b29539

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7bc19bae419d497ae1132cedc408690a

      SHA1

      84d0d65e731213839d79cfcca6e8ab0477701ad0

      SHA256

      de73b87826c2978c03865d267ad5724ef0fe0cd47a4931aa80346fb65f79ff80

      SHA512

      73bf23ea8388a68f66a46e36c29bc3d0497ca9bd2f1cc2d01df4338f11ab9ef5ad109cef2609ca78e9a5d3bff359de1e4ba5d767d260e74d9b45e6e42dfda80a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0c7987b6948182f916d8da9c86d6986e

      SHA1

      062316b76bdc6f863118c9f273a295f8a4e27298

      SHA256

      8b1fb086cffc190f6061dc115649420d63dddb457c565a4ae0bea87f9ad3d828

      SHA512

      cb9de84d92b2c00e0cf2450f84af90a4d2f4a61451720f606bab3c455e1cf1f363f62e19c0d5cbf5b9c0c841192802b5cf5062f384ffcf33b8cf386bdf123a6b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d808e3afa6329baba91cc1fdb0557704

      SHA1

      e0cb20eb35de53d3efb36ac40e526d12e8501161

      SHA256

      8fcd5cfa3990b3c2fbf6e82d5334820ebc4270f05019a90b2d90d6366a9ac6e4

      SHA512

      a36ebf6c31df71d427d7b89b8b0061386f08867af0e8c1fb5e3b0a987d10f98dde99ff2098340cd7a7c8ef38aff857a6dc21edf5d81e130a7617daca37c97986

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fdcda0b3a288dc463abb8f28743b5848

      SHA1

      37c3c484d772f304a1f8d1d6efc6ae16f9d989b4

      SHA256

      784840693ddcc8d8c9e0b9fdc11c302d69afa25617ec062fbd4c283716c0ff6b

      SHA512

      db4c53e896dbeb9f08e21873f0665fc50ddab6de099970bf8e26b6a917db685204004d0568993e06a8676450c8fd59a4460dfebe82b7b630bdefd32e4af2cd4d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0300f6fc675c198556211e293b3898e6

      SHA1

      ffa6755df9a878400b2d81508862238f6b7a993d

      SHA256

      42940d3287f671074dcf31910c21aebb5842b18e3417e787d1a59dc3861b1b45

      SHA512

      2cd1f126482cc479d0b9258533a2f05820a84d8896299bb5da484c030a79cb6b7d4e973087635d3269de65a1032f0f68d47fc03953201c19da19defcc04455f5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1a87590e8a0d236fa1a638dd5c404db8

      SHA1

      bcc9173903f61b4a19da5fd15ed913905c9f2a7d

      SHA256

      763af33c1efd359e04ab2ea8a9f1ed3cfbd84cdcbdfee66a26cddadc3701b2f8

      SHA512

      b64e9dbe8aacc5bf2fe70f4c6a024a0df454da2051333ad797dce91889cb35ef3f3f64513adba9a18c188a38b6397030579a617293e74e208166fd9bcc3e1824

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      65efaea99c8fcb79aad82f9eb48dc314

      SHA1

      cfc9e918df38d3da06066ada936ed920ed354d1e

      SHA256

      9830630b11099ec6609ef6f52194d2cff4c4b997f35a7e5f726ab8318857c89c

      SHA512

      1bd2f57a042423407d647603e4517ceea273d20fa8b5bf42baeced88d4b1757378ce948776d3f770de3bf4004de284c6d5e27d493957490843a32da58455ed8c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      09b615c43479beae1307551e10849a1b

      SHA1

      9c7d6964ff079c05670d5e60b616642fad464136

      SHA256

      ef27008fea1a5f752022abd024aea3dbc5dd9e8a18c4172d1b680fe342e499c1

      SHA512

      1d0a37a1017fefbc24b60cff37cc704326e578ead8a29081785c6a6c67da91a2c88e7e6a926ec2075574237631306174580dc6f26bd9a90f13448c55a9a5ec88

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a0841b7f723f751972268c76fea001c3

      SHA1

      6a35a385d24a2c32de32dd6e947d59f11af89e88

      SHA256

      c4854ab05ed537c4a3f1b7fd7585f444ba0a7c1149fab356d9015f2e64c93a43

      SHA512

      4c45c23bc04f2d7ad874eae844800b67eab87a1e4117715fd42bcb025402acf13fe9e001dbf121b9e84c91f53bf677ebc315332d9a9a0e1aaa0c39cd3b89cce8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5355e9640ca75382898bef68320cf587

      SHA1

      5de49f2f821529325fd4e0bfc304a2e1fa3a68dd

      SHA256

      d46c64fe269351f6c08756477b285ea382922e0662b046e2b4885bd6f2a48fb1

      SHA512

      2dab32675a3df69c9ab544541f94fe80cad6add5e1a7b20a26646cfe49168747d1e8f49e2cd9bebaaa4bb28f7140ad8889433b351299dc8be09bd316b94409de

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1556d31df6cba2e5d4e769f8fb06fed4

      SHA1

      f58798be8375fc65ff4bf8547fdc5cfae7ab6602

      SHA256

      871e9ac1bc4f5d252d85b3fb2d137d5e5ea7a6c727c4fdceb4ab1169c0a66c67

      SHA512

      519167c25f772a5cc190ea487343f6129ebb1d41ebc9c197f72a92753f3c0de601a4adee60654eade0c16a78c252ceb99ae3cadd1b528aadd4ba10e219a65c7e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7e3b150dcc4e5b69cb74630fb20f93f6

      SHA1

      4e9c786bd84b85c6f4ccd374ad2217658a2acaf8

      SHA256

      2df6f8348917947ba8563d5cef2b6f417248e021452b2abc8f61ffea96254dc2

      SHA512

      f1a94e433a0b55077e12a2def03fd4a3b14d2ef7be9098faa04a35fb37c0d1fec328be478793e49347859337e6c2afe08d95b01b5d26de4fa23d22afa8cc5559

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a8829873656320eeabc45f3e565a0d93

      SHA1

      73f6c1847d40e58d4d5c7139588d92a8a1cd5930

      SHA256

      df2d48950ebdfc952c81ed57a561dd6c6b439b275fb6af8d9943b8bdafb68dba

      SHA512

      e44b2bfe0bbe418bcd347e97b2557bb14dd3d35611ba3b3e725ec10057a52d962a33d58c4c40019cd500fcdb2cfdf604bd018622afa6f84dadcd367f13fbf4cb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      825568c8803bd5caed21bbfc490ee5bc

      SHA1

      645a46455e662c1c7291f607634f05ee6b3304be

      SHA256

      5db5ef40cf58fcff7164c7a93954afdbd51e16526f7e210bc0fb604c2b09555b

      SHA512

      bb38787f8cddb028feea93424a79af92a0faa8eb1b8bef2c616505364ef582cdcadd79a613fc001da2591cd2194840b09056978bca651ac98e986e4c6fea37e1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      79a4fb38c90c7def87f499ad89af880f

      SHA1

      0ceee6d27359ed65bd1cb703f3685a45db8dcdaa

      SHA256

      c9a0bf166100d722a8d615433c8162c25109bc7657ea47001f9b1c78bb5d9395

      SHA512

      a53a9ba9c5e68a3e9720b06059be36ce2f043b5e09a37533c30a46287a1cd9259d038b4e473f83590e4529de4a0802345011ca67cad144833ee64c163c1984dd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2dbc1a9fffcc628e3a7ba56ea91417ca

      SHA1

      b77668e4f4c8d3e578395f691f5592514b0135bc

      SHA256

      db18be934da299bf80e9553cb36810df245092fce2e26487ca3cca9e2a01c491

      SHA512

      706f77ebe4016a59f596a5634560276f1f7c8480acb52739ff6a8fdd8b134c5191beb54290f5b3dc95887bba02217e7657c3f54ef0cb4082264b2e21174def23

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d8bcea6d2f6620978b908014a9641117

      SHA1

      2514893d2f109ee366c17e76d35dc31218a1c00d

      SHA256

      dffa1390095fbd18465eb77665134d0f7109d00a95bd8327d55cef678958260f

      SHA512

      249e6f48e7f5b371e7b9def6fecb7137689eef8357f4529c5b5210bfa76d543ab61378a6e37b74b5db730fe646133a5b3871cf06f3fd3796bf207265d797a073

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fc2ac9f8e2e77d0b898a2682701f39fb

      SHA1

      136c5b0db738fb4b13cd49abdd2ccb35ec0c1199

      SHA256

      e10aba227d9e54e1ce8f888e9b2cd74796c07713cd99d33fc13ff2c30b96f1ff

      SHA512

      fda7eb793b36a33ab04dcb35f92e4d5603a91cba1e4ddd21086dbc21e45ad7fcf64319d399845151ab6ae2c4680f9df859383690816cd0b06a7b11da152d0e8f

    • C:\Users\Admin\AppData\Local\Temp\Cab4F4A.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar5009.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/820-448-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

    • memory/820-447-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/820-450-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/820-449-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/820-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2320-443-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

    • memory/2320-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2320-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2320-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB