Analysis

  • max time kernel
    137s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 03:56

General

  • Target

    b19fe3f5206f751bdafe91dbf11eebd7_JaffaCakes118.html

  • Size

    155KB

  • MD5

    b19fe3f5206f751bdafe91dbf11eebd7

  • SHA1

    e1f9ca8066b086ad5765a61f6593516a8e43db8f

  • SHA256

    9009d47ae2b2fb3e274791f8027cc82860468d552b86b778f2c9645dd3dc9b72

  • SHA512

    e7959e2c8f7da45088d28ddc9946ce17778336d64fe09222cb65eced06d894e5bdb591c0dbfb6843e302dc04ee893f45a7ab5610c187f67b28e3579ac628e905

  • SSDEEP

    3072:i8xcyQm5vyfkMY+BES09JXAnyrZalI+YQ:iOcyQm56sMYod+X3oI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include file-infecting viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b19fe3f5206f751bdafe91dbf11eebd7_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:992
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1020
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:209937 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2300
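
    The tree above records the chain this sample produced: the HTML opened in iexplore.exe (PID 2732) spawns a content process IEXPLORE.EXE (2684), which loads a dropped DLL and runs svchost.exe out of the user's Temp directory (992); that binary drops and runs DesktopLayer.exe under Program Files (x86)\Microsoft (1020), which in turn launches a fresh iexplore.exe (1872) with no behaviours attributed to it. The Python below is an added detection example, not part of the sandbox report or any vendor signature: it runs process-creation rules (Sysmon Event ID 1 style fields) over events constructed from the PIDs and paths in this tree. The explorer.exe parent of PID 2732, its parent PID, and the benign services.exe/svchost.exe control pair are assumptions for the sample, not taken from the page.

```python
"""Detection rules for the drop chain in this report, run over constructed
process-creation events (Sysmon Event ID 1 style: Image / ParentImage / PIDs)."""
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process


# Constructed from the process tree above. The ppid of 2732, its explorer.exe
# parent, and the benign services.exe/svchost.exe pair (500/600) are assumed.
SAMPLE_EVENTS = [
    ProcEvent(2732, 1500, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r"C:\Windows\explorer.exe"),
    ProcEvent(2684, 2732, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ProcEvent(2300, 2732, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ProcEvent(992, 2684, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
              r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    ProcEvent(1020, 992, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
              r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"),
    ProcEvent(1872, 1020, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"),
    ProcEvent(600, 500, r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\services.exe"),
]

BROWSERS = {"iexplore.exe"}
BROWSER_PARENTS_OK = BROWSERS | {"explorer.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Names of Windows binaries that droppers borrow; the genuine ones live in SYSTEM_DIRS
MASQUERADE_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public")
# Drop location taken from this report's tree, not a standard Windows directory
RAMNIT_DROP_DIR = r"c:\program files (x86)\microsoft"


def evaluate(ev):
    """Return the rule names that fire for one process-creation event."""
    image, parent = ev.image.lower(), ev.parent_image.lower()
    name, parent_name = ntpath.basename(image), ntpath.basename(parent)
    directory = ntpath.dirname(image)
    hits = []
    if name in MASQUERADE_NAMES and not directory.startswith(SYSTEM_DIRS):
        hits.append("system_binary_name_outside_system_dir")
    if parent_name in BROWSERS and any(s in directory for s in USER_WRITABLE):
        hits.append("browser_spawned_exe_from_user_writable_dir")
    if directory == RAMNIT_DROP_DIR and name == "desktoplayer.exe":
        hits.append("ramnit_desktoplayer_drop")
    if name in BROWSERS and parent_name not in BROWSER_PARENTS_OK:
        hits.append("browser_launched_by_unexpected_parent")
    return hits


def scan(events):
    """Map pid -> list of fired rules, omitting processes with no hits."""
    result = {}
    for ev in events:
        hits = evaluate(ev)
        if hits:
            result[ev.pid] = hits
    return result


def lineage(events, pid):
    """Walk ppid links back to the root and return the chain of image basenames."""
    by_pid = {ev.pid: ev for ev in events}
    chain = []
    while pid in by_pid:
        chain.append(ntpath.basename(by_pid[pid].image).lower())
        pid = by_pid[pid].ppid
    return list(reversed(chain))


if __name__ == "__main__":
    for pid, rules in scan(SAMPLE_EVENTS).items():
        print(pid, " -> ".join(lineage(SAMPLE_EVENTS, pid)), rules)
```

    Run against the sample, the rules flag only the three dropped-chain processes (992, 1020, 1872); the two legitimate IE content processes and the System32 svchost.exe control stay clean. The `lineage` helper reproduces the report's tree from parent links, which is the view an analyst wants when the alert fires on the last hop (the bare iexplore.exe spawned by DesktopLayer.exe) rather than on the initial drop.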

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      c3ada1ca6e351488da1a1d32375d66fc

      SHA1

      e3047ef50c815e8d279973c421202fc846b460b1

      SHA256

      f7afd9c528159d4dd4bad9a055a57b21efaeeeee7ff2797fd0f1ac726ed87fd1

      SHA512

      9106fe00bfadc863f7b591d62a97a776fa3f32d2e5a44c72e3d76fe70f4fd979adf3a69bc0ed2c8024e5d87f34750c2d92e8d7baa5150f97fff05922494b239d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      6205e01e20fe7fe7cba7a8d5189bbe6c

      SHA1

      4116abd08c9d7d25110549fc17a72610db493b3a

      SHA256

      60cef67e8bdaa540e6e2a5357155b5cb6c0882c7b541eec2de237955a8bc21b0

      SHA512

      7e3483bf9261c09d7e9cf46b26df5fc4e8f0306cac18513508ea991eecd190bef08a09d531a92cfbe1ce909449321c9e0bfb711d55942a6b2638e166bd01b30d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      a5ddc0123ec9f875a7070b0a5b13c996

      SHA1

      4a79a867352334323c4f55b9b6c0b569bcadbe70

      SHA256

      59edb555e5902b69ed101e92fdbc9a9c76b2dbb6099eeb46d8f4176d36f5b768

      SHA512

      b933d53050424fccc7fded59607f7f31534c635cfeff043ed3ddff5231fd762a01a59c0cca5cf245f006760c286b56ac3a080170ee36c8fa72dbf5659b888966

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      049a288225c4c1a5f81214e31700034e

      SHA1

      5989bc147c115e7c3f27e20855e3416c0ee3de90

      SHA256

      5a70320ca14ef85dca814f33348dabd8e5693f07d14dbe494dd037b280ccf62a

      SHA512

      87a9abc97ecb0d97edba32ea18fa32b49c898b31be8cb953aed1b756393849c40e13342e00d5b24bce86230b782ad8c3c727143647d8c1dd2271fd979b64d815

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      ae7de944ba607f2dde47138b28981c90

      SHA1

      3abd3d3813363ecfccc7dfebc40dda045cb691a6

      SHA256

      ae4ea3c37a10d4b39373556de1b74af707495af3bc97f9bd748e03c2d71927cc

      SHA512

      2bb9f207ccce66564292d8f865d049f90c58af67367f3806d2e1f3d83687c17cc2fa43887242bb2287e1be2685bba8325be8e840d1c1c840652f2900a20963ac

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      8c96a98f284addd5d92f0a9c48f4784d

      SHA1

      94b65e15a12d53e84f2e75f43b289a06797876b8

      SHA256

      45e9c691e85ead17b767f5066d3df64c0703ddc7cf7dc0883c4d3d1fe607dbb9

      SHA512

      13d5ab1cb083a99fba15d971fc463212823b7885e3bfdc5bda9d300fcaed71a7058f17a364ecfc4ab51bae184a5637bcd5933fd5cc0d71c1ff94123e8f765f42

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      914f21b9b3f34e57f96210e5895bbc66

      SHA1

      62bb9b90e2bb4f02b438974c5a31467f3379513d

      SHA256

      720fcae54997d3bad4cb948048d98a591436af7ad7b372c329fe66fa76187325

      SHA512

      31f7cd3fa819baf8e40222a0bc05bec49f7c85a83f9829b47312738838c552f79370b54e3b44325dc5b898414cb5090935cdf102d03b68b8073f64431dfd70b8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      edf1858aa3233a24eb873c7797358eb7

      SHA1

      e1f3ebdace5cfdd7fbfd8277e5287d8c5bd1d6d3

      SHA256

      fe667d7fb403337fc64286bbec036532842ac9784fe37ee046e0a9d2ae0726b9

      SHA512

      1218dc59718c8f74ed069e03d9888544e00913caa8e56f13e36b4db65d64fdffe6ed71c59a23a01a15ea39cc371baab2aba0f3fa8647b5eeb93893519c8e03f0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      b28c8606dd8d5415f37fd2ef08088733

      SHA1

      f66b8d7e34ca28e28b5facb8a306ee452ff6cf87

      SHA256

      e97beae5d6ae6a921b2bf1a5b60b7ad749dbd8e4cbfada52e57c54161d80b3f0

      SHA512

      6e321b6472f2db06475e380fc727e056c609b0880b0015397c7e9240b4baf144b7e95b63625214454742c87359a2d6e33058b528ff8d63472915176b74ebaab8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      9deefafc6c49d99df796865d597fcbcf

      SHA1

      8d5b3cbc422882a92a6a9679d393eb32a6dd19d8

      SHA256

      81a6a81121fcf63c839f3cfdce4e9c41b9c288b3062c6829484071f3806e9411

      SHA512

      82c23d0b8fbd22972a2b51438972defb93d6db5c1875f1eb021b96180ca54bece1cb86c832afe3960ac88ab0e529528c2681ec0ec40ef17bb1b27aea03de7f2b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      8405fef07a18824ccb63031228afc8ef

      SHA1

      ee3337494cff6e6eb023c20af37809bbf5cd9021

      SHA256

      c1cd8afe60a2144ca997ebedec615b1e4f614908bb4fe4219f6a6f3a60a3d8c5

      SHA512

      53423fd777af9c13b3c25d48f20dfc74cab1a9cff44e98c7a4ba661ea1cd2fc8783740eafd0b815a6d3bcd2ab1e8d8bf4d4981804d7f9cf8e4a73f4f6d25256d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      23d00f8bb1a39559622f4576d486a491

      SHA1

      613a6d74e31ce2968402b329161b53129e93938a

      SHA256

      3be6e9c218721e7d855be304c303edbd48f06c7af9fa29abda03ce794d9b07ea

      SHA512

      a3ad2470e9038a12ebf88f07a34c86bcb81d25a646ebb39fb507a9bf4b18b7da86b4a8da0b78a16c1bda2d6418ae1202acc2452907bd8fc25fa5975bb2cc0aed

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      8575ecca1abb2fa4bbf1df43985d2143

      SHA1

      d9e54e35b3a73179cb338651f1ce523bd8054ce3

      SHA256

      58c708400eb1b72e3685e3881a32a605ce825b1bbb50d556a76fcdf6fb5f5773

      SHA512

      4e4fc48b21003c2d2c9f9626c3c1b2d83390129f6e42f4856097ae458b21903063243417dcbae0e85437f75c8d3a1cf81f2299653a5e4b2f0e17035b61355896

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      3de4cc5ceae4e5e34a3dc161e9604738

      SHA1

      f7db79528dc71693a293c5ebd8a1b736720621b9

      SHA256

      c59e0f873125bb9ca7f9527a357d2e8b888b769cb69338c9471b545c47e003a4

      SHA512

      4341dc9e3070a1a8c1c9973800e06ec0f5edda474078de7d08bdf9e514c308823b31c88725fbff47213b719425b28d066e0f2d0c44a8ff53d7501581e5c2e533

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      e658da9883d0fbf6161c1716be9684dd

      SHA1

      69e5026a7fdb46c63143a5349d06715c983f52db

      SHA256

      7e721588868fba3a46520065f79003240258c8884bc968087f8b7998ef64f7ff

      SHA512

      f4291038336d7cbfc76b241520fc76055974dc1ab49a81173ccaa505fb3d1fae926df063ddc9417f24b71c5eabe2506a4ddf9e6e1da3440f2a7b7c6b5cb1ca49

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      0bba6a6a0e5996d6fcf2c73a21f2a141

      SHA1

      46199cadcd4ce4dfd73594295c18e0d2a0fa0035

      SHA256

      116b1101f04525e7425738894a55b9c93d5e88714fdf44570db91569dba99722

      SHA512

      50809795feea91d2e796ba370d4b23896b27a4b456a5b0df42c84d5d86075c0af4b69d9193cc61a9631041057620a018d80063466d595931d90afc6c83e9cdcb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      320fce31ddb79f63e9d5a7131024da68

      SHA1

      cad5267e272db7bb96f77fbe6649c41e72e72cdc

      SHA256

      21a33739e9649ed1681587b9fa8079ddf83268d3f1b17b8a927be88b8fc3d181

      SHA512

      3907975dba6762d3a4c9d380e197fcb82ea86fb51e9a514bcc6249d532da7e7cf8389f4f7ee1f46b36a3a619444abfdc3fe83b3334f85c389ae753f1486fe1b0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      5cfc1a476bf2bebb41e5cdbf03aba642

      SHA1

      e6a78ef96af317888970e3e778cb5d032863e8ad

      SHA256

      94b944de912977118f5c7f5d5165bd80ed128fd6a9e37f70fc80aa764ef3970c

      SHA512

      12131d1c8052ca859a260e1f52f1c4103aa5c7382a222f8dd04d7fb03111d15da09affe81e4ef48868e6c12ec75b51919ccb35f8b50652c42dcefb20b9497ee1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      304B

      MD5

      3d290e111bff96ab6bd02752cd9d779f

      SHA1

      724a05f0ed8dac4d73d8be45397a8f634112927e

      SHA256

      6f75e425c9817e0de76ec6ccf4dba637cb6d918c57815f25728224c2b2adc706

      SHA512

      9d4454526fcbb6733762bb27deafc94ba1cf3c50b759624d5acf3eb08f2b75f34123f7ebd5bfe7167322b81c3cbdef3de5a89859132c477420115fef410ac42b

    • C:\Users\Admin\AppData\Local\Temp\Cab2D59.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar2E3B.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/992-487-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

    • memory/992-483-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/992-484-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/992-480-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1020-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1020-492-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB