Analysis

  • max time kernel
    131s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 03:01

General

  • Target

    b174e8787684b8ecbf981b1d8afeba6f_JaffaCakes118.html

  • Size

    160KB

  • MD5

    b174e8787684b8ecbf981b1d8afeba6f

  • SHA1

    91c622fb4bbe5fd8e0179208fdf5b7e78bf3e1b7

  • SHA256

    191f3c1d7ce861cebbbf1e4ab8c395692ced4ff0bf98b963e2fbaf32b7a86a68

  • SHA512

    6f006e151dffe9445b4d7a9e699099098c7fbc06423c4057e1cd00f7c36298dc96c2bee977e5f7da482fc261ecfa60e536bd10cc3eb140ec307eef7b7ad8b428

  • SSDEEP

    1536:iIRTwbVBBqKIb7uNYeyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:iCUNmeyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b174e8787684b8ecbf981b1d8afeba6f_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1188
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2896
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1028
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:3012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:406542 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        PID:804

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b99b00bf4d0ed93cac720756e30db0c2

      SHA1

      09848886f03a005158031681dc3ff014b0ca2848

      SHA256

      7c39323f67a31f69b8aecb6e9a1388f65a7bf71b9bc715c88126d1dce4a12d47

      SHA512

      1e771f08b4e87d0dbb30fdcf13221f2437e1c68cd2959ee5cd14ac201a505993128dc5e21179bae553ff05a0f8cc707e9014933b765957221e7b5bb4cdcfd9b1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d35a794b7e1e00adf777b7f7ca113556

      SHA1

      4c492693d79f717efe11ecc2840bce09aa44dc30

      SHA256

      b42746511a7163c6c9973ecdf750e17448b1696ae4e171d8f65f4095850df446

      SHA512

      b37548789ccdf88ab87e9582eaaf0733d00ce79cce857d5a3a5be958390eea0a3d4013eac646a370609b2ad2b327609ef96c096b28e4d1cb17b77180b47b7191

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d30fbd3a68ebffeb656f207cc4ab3437

      SHA1

      07ffc5ff1b1f3f92d742e5c997f16e7b77ab8c3d

      SHA256

      f5aa877249632a5e951df7428ba02b178761f042c417c38ddef1e9bf76e2244d

      SHA512

      cbcf1422601b29479d714b5c0cee90c1e147ea085ddf3dfac100c02f346ab1eed53d244d9b5d26759abf84c94953c5a51f464d14364833535eb8d132f05d6e81

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f5d0e683e091519a415d87e6d4d2a70b

      SHA1

      f651ec0f823a6647dac646dd4e2bd3c3aee413b0

      SHA256

      472185d7c0fbe095b8cd295bdaf1c92452775a1f737729853d251eeae275f123

      SHA512

      b5b6dc37d3342c4e4afe50315d88010556815267ad062492ef99c367ba0c5aece915f89627e967fad1226cbafb50daa3811dc0f74f4b4fa33a38413fcbb8da09

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1c38f7fe03d34504444218b24e912fbb

      SHA1

      976a514269b995cf2fccaa8175627cbeb83a9820

      SHA256

      6dbd5f08132ee0df6cdb8bee0afada76cffa6c258455e9f9d98056b4ee0317a4

      SHA512

      82734b0697808510e3560c2845c7b51519ebfea9b35fbc46a95d3d4a022844202cbb13a1b06df0171918205542ee3ec3ddab8ae1e82e025380b093bd884f4b7e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      225c2fde006fb99391d5e71482f09bd8

      SHA1

      fabf8b6e45b5bf9b51df91cc08b5cbd657940db6

      SHA256

      48bbc9cd87a568d6a0cc030172f3361a5a8ec863dc4fcb42f7212f1c2b9b7ab1

      SHA512

      e97ff70654b0bf579bb210f3230e29e08d979a45b0fde60f479be0c6f332a680f0470d1041b7e8f9d2cece63bb5218217625f6eac831790f22bc2dcbeb0ec3f3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5b0ad9cf0eeccbeeee319913b88212ff

      SHA1

      1e10ca9806a11b66aed5e579555a7ca780950bc1

      SHA256

      bdb11a92be1af692ab3f940e7d72673bdb87d97e290132f7ede895ac11a2b00f

      SHA512

      10f5081144f7609e93b60fab7a34e9f8e79ce72fc8a007a7124d881f7cb89983aa411174b9ceb0565b2a8ab2f6bc28c1c3abc3fca8d3543aed536db58bebd38d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      dc273ffb017179b728077c2f261a47ff

      SHA1

      304c46205acda530db58f6919b3cea2013cbbf6d

      SHA256

      5955036607fd5040855d1653c417ff10002fdc4646bb5f3161b550eecff8744c

      SHA512

      5913a291defc3f4385d4d0c7acf48020c4b0da53c7e5051b40bcacd943d7db658c1e088630ed94a53d3ea2cdb9d1e5b6d839446d91da8f5d1e77bc04e43a3245

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      57ccfce9ca64582f0f57250b1f0a31b0

      SHA1

      d421a7608c603901943559dc9f220f464d96f772

      SHA256

      d9657575a8ff49d0ac8dddb2b10288fbb3e0d6640d90feb8f1554fcbf732cbd8

      SHA512

      2f1dfc03e97e79760c7a9cd11b5c3be5bcf1595d16b6c1b9ea2780f90722d18168147cd1077f14d4e99bced00b0cf08672e91cdcdb69cda0487cf186d8355553

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7aaf08acd1baf61835c9b0c6ca1cbcbf

      SHA1

      c8b90f076bbc83c4c7938cbc51d4bd30bfe93b32

      SHA256

      649e6486ba435fcccb6465f6e1fc4c000d11d407c20569b42081a0bd0b5f16b1

      SHA512

      c2a2ce2c329f14b536a3047297be19a2417127c39e8963886552a14afd91c2d3c8c4ac11f2b92263f9f38e8ab89719770806c984654ffc9c45b029061532335e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9eac2023920925d2816468bae67021cc

      SHA1

      5226c3fac46b8716c787b1654423870cd25bd23f

      SHA256

      3e4e93b5ad7449fa00dccbae7a34ef10408814e94556787514b7594040a423ca

      SHA512

      8b6a59bcaefe4a3ad15ddb411e1a328aac1d940ae0301b988267a45d038839c3ef824549fbf704f84135a701c0572f7308e6e4ac686a3ef6b2c2c5c55c6802e9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c595f2d24d060f1132e202fa8627616a

      SHA1

      fab262b7d6a4135c346dd3c2eef143d534f0e8cd

      SHA256

      64dc93c35a19868b16133485bbf50da5a51e3ac26e295afcaae386875bb13089

      SHA512

      3006fd0a63431b465cebf3e0679a5f28058bdbd5e39eca3dc4fffc9d552c9c7bd73d3a6e1ad6cc78d80917c38f68f0067a079ba02d962e660aa2adb47a3eca53

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      02fb8865b05f28cbc3b16820d0d142a8

      SHA1

      eb8f96a601bd3b2a82a5877fa2c2bfdf68711cb8

      SHA256

      28727a6722d6e8058271752dc0838b172c1073cc560e8d312567261ad4d8c4b5

      SHA512

      52bfb779ad1314adb750f0ee08c580898c08dcc70d045a157e60ff0d2addfcec6ab2b4e178091c3b0e0e8fa2674910f12b623872060bdf1a6c7cbe36e8e3aa22

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      edb5ecdb7ac52be0255bf09765418aea

      SHA1

      3c279496b67e3ef847863658e9806fe8f56b3edf

      SHA256

      fc33930ec95cff1b7193852c126dbbac8ea0083a66a22da7edbc67985cd6c5b2

      SHA512

      caa19ae8054083b1a202638f7f03e2b1c013d0e0079e6fc21b327820a4d1fac1eeb41b0de85b7d7637f09f06dd0ea07298521b236a18ab5d80d7c7f034f5eafa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cef4fce8e0848d37fcc35b9b76e1b8d4

      SHA1

      f40635ef90ff687125408d56fc2af6c4696b2492

      SHA256

      34390c312690d4cc6e409344a6c87c3a3b84a85a443822f3a15b8ffd5bdabed6

      SHA512

      dbe94c620ff696ca225dc8725adbe48ec13c29eabe641f7334c5a76f7aed7366024ae73be431c74b181136ab95a7012f6799bee043874173182a13aa9c4b2b91

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cdc06df9c683c9d194787afb251b2bbf

      SHA1

      2293e8da7123775df5d5d788c0dd2ded4eba9852

      SHA256

      1332c49629278b95406fa3410d7d7923e25452d494528cfabb2b858ed036ac76

      SHA512

      3bb74feec13bb31356a74b7ffbb809ba1d52687e6ad86232d6cd412728a5c8fcb10d404bb035a0be5d4b86b6e43966512bc2a029024f8252535d9ebacbb79785

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fff5f133c4cd3f31bf54f186aa52b26e

      SHA1

      6a2083ac2f5577860daa77e8d2ee2fdb9036b0e9

      SHA256

      9db54dfd00521467ce85f2c06eafa2ae18a73edd62f325025c75205cc65b65cb

      SHA512

      f9a8af04e31bd1ba735fd362dcf78d8e74af0010a6894699eeffb503904ebe1e5a5535ce1d404f9a8b8c2826848fc7c7e1593dd180c047c9a1cee1cdbf427ef7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b523054ce19430bcf736019787d8e479

      SHA1

      e6edcd525f2e54be768df2314788c12f3d9eedf6

      SHA256

      b450f586a9f9b0d41ad27c0d26279dae848eefe80abde1afc8d739a4f06a5318

      SHA512

      b2f9587625002750a2dad8af20048ba5ffc2f143f677d1584c2530f1119c5ccb8b5e497a7ee2dd916517521811ac96ea54a54e0e89fe3dfc3d7f529b76031d67

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cc5efa2f3f0a95af878e0c08845dfe13

      SHA1

      696e9baa063891c3ec76cebc582248ffe1cdf025

      SHA256

      5cfa204c183f30dd102454708ffa7b6f12b52a4d00f448c003e9abe2d7f7b2e2

      SHA512

      53d955cbcd709b8378b81442e36a36e82b1d086d6955db1c2279ac9531e1904ee1a6931792a07587046b58afba6d0e1bf61ffad8be4ac4262e69ff1e74d7cdb4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      29d13cafcbae7a2e3a9fe20265185d24

      SHA1

      9ec2d460bab2e7ab5ea3f0e532581631c178ee93

      SHA256

      2947027e0e09b8545b47b2cf4a7edfca8bbfaa30e97747a6167d48cb00701406

      SHA512

      3b1f20e72d301a93bca73c3abd3e27073203f5d1ceaa3245ac82e40a4ce7148ae7d661eaafc9db12e86f21d3906691ac57aacce8399bfe60c8507b41b1363005

    • C:\Users\Admin\AppData\Local\Temp\Cab21C4.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar22D5.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/1028-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1028-491-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1028-492-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1028-489-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2896-482-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2896-483-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB