Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20231129-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    16-06-2024 03:03

General

  • Target

    b176cff0fa963a9bb09330867e187b88_JaffaCakes118.html

  • Size

    155KB

  • MD5

    b176cff0fa963a9bb09330867e187b88

  • SHA1

    f14f0940a96b64faf1def7737ec9369bd2d46884

  • SHA256

    22c22ca206ce30273ff3bf1bd16cff0657127f44abafba845b178419046ffcc8

  • SHA512

    60019ddd92717440185e4b71b68df3f2606a4ffbc8dc48933d4497a0c5c4f0fc166d4094411b809dbdc591792241221227a83db20d9b25fb4ec38c439bd0b2d2

  • SSDEEP

    1536:iSRTi4TjovI/z5yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:igmIr5yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family comprising file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
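
One way the "UPX packed file" signature above can be implemented, as an added example that is not the sandbox's own rule: parse the PE section table and look for the UPX0/UPX1/UPX2 section names and the "UPX!" marker UPX writes shortly after the section table, plus the section with SizeOfRawData 0 and a large VirtualSize that survives a packer that renames its sections. The build_pe helper fabricates a header-only PE purely for demonstration; the three layouts are constructed, not taken from the sample.

```python
"""
UPX indicators for a PE image (added example; not the sandbox's own rule).
Two cheap checks: UPX0/UPX1/UPX2 section names, and the "UPX!" marker UPX
writes shortly after the section table.  A third hint survives a renamed
packer: a section with SizeOfRawData 0 but a large VirtualSize (UPX0, the
unpack target).  build_pe() fabricates a header-only PE for testing; the
layouts it takes are assumptions, not real samples.
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Parse the section table. Returns (sections, offset_after_table),
    where each section is (name, VirtualSize, SizeOfRawData)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE: bad e_lfanew or PE signature")
    coff = e_lfanew + 4                         # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                # first IMAGE_SECTION_HEADER
    if table + 40 * n_sections > len(data):
        raise ValueError("truncated section table")
    sections = []
    for i in range(n_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0"), vsize, rsize))
    return sections, table + 40 * n_sections


def upx_indicators(data: bytes) -> dict:
    """Return the individual UPX indicators plus an overall verdict."""
    sections, table_end = pe_sections(data)
    names = {s[0] for s in sections}
    upx_sections = sorted(n.decode() for n in names & UPX_SECTION_NAMES)
    # UPX's own info header ("UPX!" + version/method bytes) sits just past
    # the section table; a bounded window keeps this from matching data.
    upx_marker = b"UPX!" in data[table_end:table_end + 0x400]
    zero_raw = any(rsize == 0 and vsize >= 0x1000 for _, vsize, rsize in sections)
    return {
        "upx_sections": upx_sections,
        "upx_marker": upx_marker,
        "zero_raw_section": zero_raw,
        "packed": bool(upx_sections) or upx_marker,
    }


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Fabricate a minimal PE32 header with the given (name, VirtualSize,
    SizeOfRawData) sections. Test scaffolding only: it has no code and an
    all-zero optional header, so it is not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                             # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0, rsize, 0, 0, 0, 0, 0, 0)
        for name, vsize, rsize in sections
    )
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + trailer


# Constructed layouts: a UPX-packed-looking PE, a plain one, and one where a
# modified packer renamed the sections but left the zero-raw-size section.
UPX_LIKE = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x8000, 0x7800),
                     (b".rsrc", 0x1000, 0x800)],
                    trailer=b"\0" * 8 + b"UPX!" + b"\0" * 24)
PLAIN = build_pe([(b".text", 0x3000, 0x3000), (b".data", 0x800, 0x600)])
RENAMED = build_pe([(b".x0", 0x20000, 0), (b".x1", 0x8000, 0x7800)])

if __name__ == "__main__":
    for label, blob in (("upx-like", UPX_LIKE), ("plain", PLAIN), ("renamed", RENAMED)):
        print(label, upx_indicators(blob))
```

The "renamed" layout is why the report's wording says "UPX/modified UPX": a packer that strips the section names and marker still leaves the empty-on-disk, large-in-memory unpack target, which is the weaker hint to fall back on.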

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b176cff0fa963a9bb09330867e187b88_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1756
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2776
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:776
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:3048
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:209935 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1808

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      252B

      MD5

      dc8b890b5a6bc51714bad5bf6cc57f9a

      SHA1

      1fe1d0a0b1e7eea89883eea12a8afb4033ec32a6

      SHA256

      e902dc1361db19da981fdf7d985d6ad566aeafdeb4e858465f4ab100cbfb4a11

      SHA512

      9d2f0d8e6fcaed8145ae22764f35b1857bd5125c90f9b93ee7fafab4d6171ca5eb0ff7ffddd720c7eaabb5f0b9deb05e523e8b34511349dea218dd110f9668b0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d79d41cb5da1ee95390de4d69335540c

      SHA1

      52dd74290f8c09d5ef292634d293863020c17281

      SHA256

      70becd3a5db609883c0a9cc9cfece17151e2bf09b1c8b4bf1c85b4fbbf5f7d3d

      SHA512

      ccd8a4a4d9ddedfd71f899264c828559a63fcf7dd150620ad65663e0fd55352f364d33ba748f4566485d3cfbfc89523c3da5994c25b43944ba2191ea3cfee728

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      08632a9f33f9d4f215cf695eaed0c798

      SHA1

      36a3e5c4f71edf97e7cfd53e9545699f73dce6ef

      SHA256

      6878aff0286882f3af8030083917909baf4a3514b8014d01ae09cd880113afd5

      SHA512

      29f861effcdaa7e7e98264b89940e4016e51bedc3a1d946cbeedc4c48d64cfbff2eca6b60f1866992d66ab76543774023b0d91975f61729073f7652b1bef0f44

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cab4f938e9ba21e4b4685bc14323cba1

      SHA1

      2a8c1a763cf6d58eb7a1387e3304283ebcda056c

      SHA256

      1604561fc79d0052ac6d694a9030a047611fef14db4d621d6d99c89a44274fde

      SHA512

      0c58f4f8d78d40bb4ffd0ba1880da98933eaa41621ef5cbcb29ef13c36ccfeee02ee2dce34c3d7ded2f6fb23a247df8f9ffd8f927de7a0f2346578a3fd75f7a7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4f2e9e31f7f8aae7494d266384b4fa97

      SHA1

      879460f3a6ddfe24b3f5cd6eb3f959134ed0ae34

      SHA256

      d456637d607730dc14accec2c9b57a9471a31f81764877eb64f34af70f911ff4

      SHA512

      cc286cd634fc18e5178dd0bd74197a0fbcf14593211ecd9ac12410407bd7c0ef85720b98649c289ef3cc0dbccb867ae430fe8f0c2536157603b3d9a83c9b76f4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a5a7d65c221bd0497c236e181f960ba8

      SHA1

      b34eb2942dbdeb40fbc6a166c9a6557359e12a23

      SHA256

      1b8f113b0d224580d2a1d70d23f1ba39248654a7f78be487dfed589f5b4d6671

      SHA512

      87fb686c6ae3f7e515a11c6d5e3755ef6971875af24b9c9548894a338412e6bc59083f97d091ad63b4a94fab408412edc2cb7d619a2f029edb89999b2aa5b30c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b3b3921f5028c1d13c70aa829f2772c2

      SHA1

      3fcce805c4fcb31126bc80f47aea88eb0961b152

      SHA256

      1d54f7673553f3797cb3f73e94feaa3a3e887e83d2834b03161ddad82980cd19

      SHA512

      0ba7e7a73f41092f04b63db71b4646fedcc10fdce5617a6037791ca8d3ab198e7680177afc1a5735e74e47e082f174d8446bb026c41eb6efd5d53723fb154911

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      318940fc3fd9e29f3173fbbabc191693

      SHA1

      944451b1ebb564e685c816f73098e58aba60b042

      SHA256

      d22856cbd95e6b01b9131d37b1c89f9c2af71ea4c2a53c00fbe4b269f8380507

      SHA512

      1abb5bdb87cfac6ae03e862888e009283eeb4f30603a3efc60b1810e189240650af69e3ae036725fc9364415e5f9c7980f655e13e0f434ae613954ed0499f08d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      86d3353d199820366abe62fd0f8bf09f

      SHA1

      96e39b0b1a64af1004d2bd40c1c361854a268d17

      SHA256

      e7cab36f8cde66326579a00f712d4887e040782bb5cf2f82a2b66f1258c3e659

      SHA512

      3ed0d5c9e172c6bbee0773875ed688241cf2715489fb9f766a4926b76f84d1704e8c220e8f2913b5900a644c97a1610946d5306f4f462364a65678ffa6fe5ea1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      79a9912fb1ea3f214890ea56b3bfbb44

      SHA1

      7a81b1bc1d6995aa3d469fcf643fca8bb31ce23c

      SHA256

      3f2f4725432826e200dae92ca85c42cc796fc70c59516b535ee561f8110e1fb3

      SHA512

      fcb06551acd9dd61f240036bec3117bf586465b1a0e4c6e1f1343d6206551fe26b4c2f988585598c3dbdc59aa58c2413de11bb3c4672913a05766cce601ae4d4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      34ba632fde8f413179edbe4c52646394

      SHA1

      f136692c99cbade511c92100b38f3358687894b1

      SHA256

      78d740f3e10980672e17203a7408ace93c67fb5b639e4bb7a39e4d26c4b42cb6

      SHA512

      e9478723edc1b5996d995b71e059794a49ac8b4155b91b1c7023c591071fb0f94ef043e3fca7b9d803d951ff77595302761cbf7a769aa0051f0e7a3915611e15

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      48d0edea4ce519aa6f4c1eb4ca0f7dda

      SHA1

      f20b792887312cdf911753c9e20e552e90973106

      SHA256

      1e8887240d19bcbd8c14300804d213b8bac0685fbdc831f18589fcb563e8584a

      SHA512

      99c175d790a44dd3e8d3f8faa81b96bc17da3811bf1f45fd141c6fde8990d1de50dfc806713a5c01dcd31d7e6d3bb5b98bc2393cb7c3e2fb8af123cff842d2b4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5aa8d197ffb5db64f97fb6d778469059

      SHA1

      adf19cad754c6e2bf7131aece1c2c1b67364d0a3

      SHA256

      c6c97e680ae7e82b86c4d4cc6a84c2670b3f4bcdfebbb373863a0066e5bc991a

      SHA512

      beb116507df94c2d75894143549568411f544e94526b98e2f5ee7593ef7b4cbcb6254005aa0eb389206ff33206dfb3b4f4443cbb8899926a74c033632e84cea7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3903fa03d266af6f05fc65a2939766a1

      SHA1

      9c212d06884744d2b330fcbffbff2fe15db43192

      SHA256

      74207c56885f9abff3b6dd28cfe08c2a79838ac76905e4cddff7d4c3b0227357

      SHA512

      8c5a5e9ef4f554c838e026810b61ffbda822b0d623f29c39ef93095880bab47431ed6ffb510bcaf29bd31bb3ea657f0395211755e76e42447d17de2fea628122

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      82dd03d71d246844b568ac16f2ccf88e

      SHA1

      805d9bb48ea963f9478bbf8f619623b13b84bc2c

      SHA256

      0dc1a36744dc6a0802d1f16523f98197dadef4e7377ca281f0c851f5ec2d9d17

      SHA512

      7434e5df594e53374ed53833073a3ac28ac6c9b87e168dd597a5d9ec78bc4815d751dc88ac11141749d274c170307b8ba5c8e3046dbe006519ef46d2dcfa2441

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8126497b5f91544d71f78ca7ca53dd57

      SHA1

      538eed708e7f3176ad47b8586d544423c8a62e87

      SHA256

      055c49dd70eaf86f0586efc9c271d4dba2cdcd45be80c83c74c6e14e7f199f7b

      SHA512

      0a292379b4ac2ee547fcbf4bf8176e6ddd21f1e6599808c1bca64844c5e74c1a47e32f543a0c822b5aa82d2bea510469d8ae8fe793056cb0028e25c9bdc1659f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3b52a9bbb099361908d00bfcdafaeb91

      SHA1

      24e3f738d6a4de8e1cdd04cf2d747ec89e8bb347

      SHA256

      c6b4b78cc6a0f72250a8e2dbea3da666ca85fce081d41e5ef0e56646ac0dddf8

      SHA512

      100d26dff78de355d88787bd9481155e98dccaa686d4c9f0a4d5e0738c74adb54d66d82eecc1c21e78dbd408ede80437dff0972ce1e798c5f55ba3ac985647f2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1465046436eac19ed88ea05a659726f9

      SHA1

      7cbee25683ae0dd291dd0904bf6992ac0a409dc4

      SHA256

      3b276b5d0ee5a8e767dc9a1cf428c6c22a05eff60b40d3bc06112a6596b563d2

      SHA512

      ed579e50694bb5cfbe76156446c5329405d324135a64e4a3bb5500f37abd25312d33cd5f1783511759aaeeb9a879ba67bd76ae4cbbbf3b61a9bfdffddb8ccb86

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      172ffc7043c7d8d64510fb94b15e9892

      SHA1

      954ad4568b238845433fec7ac2b2822f2e15cc99

      SHA256

      2f003c6d0f3e0e5fa2598bf3f3bfa403439016d63f0aca81bcb7a0f9bc90a755

      SHA512

      9c06b5ffd62baae00fb9817e613570b3b8a6e23fb9296e4f0f37773a54fbcd6a29bdcac3145b932403d3c57af131c220d2e5cac60cd08699088a54859cf75f5e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5e5bd7bc21fde712c9f4be56b0ddbb5a

      SHA1

      53de03431d99fd92fee3e67a667db26437d2c1b3

      SHA256

      8d53bbced3a719892c0ca4f868f09bf0b6bef99725c22149339fc9f486c2049a

      SHA512

      67e70e0b5c53f7d5ddec04bc264550230134c618bb51b508b64d3c12f9cf6e8d87458afdd5de3f5c85bce91ca4268aee0128ba555f895afd5cc9cfad1d3659e5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      242B

      MD5

      f3f60c70770d94e9a0dc3a957d9c1353

      SHA1

      9ef9a0b517753b247706af0ccd1e4201f5f43f66

      SHA256

      2fd4380cf41735780db1cfab292f6255b0ffce451da527c1fdc0243c1cd23204

      SHA512

      639d91ec212f87149980fb1dfc265b7a1527aebd0cae62e6e58c22cfd899190385beb493d93ace6895c7368d30c27c5baec12cbcecdece912610b78dca23dec4

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PWOFO6T\favicon[2].ico

      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    • C:\Users\Admin\AppData\Local\Temp\Cab982.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarABF.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/776-589-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/776-587-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/776-584-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/776-586-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2776-583-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2776-574-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2776-575-0x0000000000240000-0x000000000024F000-memory.dmp

      Filesize

      60KB