Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 03:59

General

  • Target

    b1a4683296b527f9c602bf5da3454f9e_JaffaCakes118.html

  • Size

    336KB

  • MD5

    b1a4683296b527f9c602bf5da3454f9e

  • SHA1

    25e43deb1562cba5715704f86973272629d7e195

  • SHA256

    9449a364254122d7444b970c70caee7bd67cb98be4e24f3b113b6591a10ecc5e

  • SHA512

    24d0dc3809a008baf70082b86f3448713fb8224d3a890e1f6f5226dfe5bb25927ad14155f0557e60a651f1c848019bec2d7961e372aaaa02a4c626b45b29996c

  • SSDEEP

    6144:S7sMYod+X3oI+YHsMYod+X3oI+YnsMYod+X3oI+YS:c5d+X395d+X315d+X34

Signatures

  • Ramnit

    Ramnit is a long-lived family that combines a file infector (it injects itself into .exe, .dll and .html files), a worm component and a banking trojan. The chain seen here is its HTML infector: opening the infected page in Internet Explorer writes a dropper to %TEMP%\svchost.exe, which installs DesktopLayer.exe under C:\Program Files (x86)\Microsoft\ and starts a fresh iexplore.exe with no arguments, consistent with the WriteProcessMemory activity flagged below being injection into that browser process.

  • Executes dropped EXE (5 IoCs)
  • Loads dropped DLL (4 IoCs)
  • UPX packed file (7 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory (7 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 42 IoCs)
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SetWindowsHookEx (18 IoCs)
  • Suspicious use of WriteProcessMemory (48 IoCs)
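
The report shows the infected page dropping svchost.exe into %TEMP% but does not include the page's source. Public write-ups of the Ramnit HTML infector describe an appended VBScript block that carries the dropper as one long hex string and writes it out byte by byte. The script below is an added example, not code from this report or from the sandbox: it carves any hex-encoded PE image out of an HTML file, validates the DOS and PE headers, and hashes the result so it can be compared with the dropper hash in the Downloads section. The embedded page and the 128-byte PE stub are constructed for the demonstration, and the `WriteData` layout is assumed from those write-ups rather than read from this sample.

```python
"""Carve a hex-encoded PE image out of a Ramnit-style infected HTML page and hash it.

Added example; not code from the report or from the sandbox. The WriteData
hex-string layout is assumed from public Ramnit write-ups, not read from this sample.
"""
import hashlib
import re
import struct

# MD5 of the dropped %TEMP%\svchost.exe from the report's Downloads section.
REPORT_DROPPER_MD5 = "ff5e1f27193ce51eec318714ef038bef"

# A run of hex byte pairs that starts with the DOS magic 'MZ' (4D 5A).
# The 64-pair floor keeps the regex off short incidental hex strings.
HEX_PE_RE = re.compile(rb"4[Dd]5[Aa](?:[0-9A-Fa-f]{2}){64,}")


def is_pe(data: bytes) -> bool:
    """True if data carries a DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def carve_hex_pe(html: bytes) -> list:
    """Return (offset, image_bytes) for every hex blob in html that decodes to a PE image."""
    carved = []
    for match in HEX_PE_RE.finditer(html):
        data = bytes.fromhex(match.group(0).decode("ascii"))
        if is_pe(data):
            carved.append((match.start(), data))
    return carved


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the form the report prints them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """Compare a carved image against the dropper hash from the report."""
    return digests(data)["md5"] == REPORT_DROPPER_MD5


def minimal_pe_stub() -> bytes:
    """Constructed 128-byte stand-in for a PE (DOS header, e_lfanew=0x40, PE signature).

    It is a header skeleton only, not the real dropper."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)


def sample_infected_html(pe: bytes) -> bytes:
    """Constructed page in the assumed Ramnit layout: a VBScript block carrying the payload as hex."""
    return (
        b"<html><body>benign content</body></html>\n"
        b"<SCRIPT Language=VBScript><!--\n"
        b'DropFileName = "svchost.exe"\n'
        b'WriteData = "' + pe.hex().upper().encode("ascii") + b'"\n'
        b"//--></SCRIPT>\n"
    )


if __name__ == "__main__":
    page = sample_infected_html(minimal_pe_stub())
    for offset, image in carve_hex_pe(page):
        print(f"PE at offset {offset}: {len(image)} bytes, md5={digests(image)['md5']}, "
              f"matches report dropper: {matches_report(image)}")
```

Run it against the real sample (`carve_hex_pe(open(path, "rb").read())`) and a carved image whose MD5 equals `ff5e1f27193ce51eec318714ef038bef` is the same file the sandbox wrote to %TEMP%\svchost.exe; anything else that passes `is_pe` is still worth a look, since the regex only requires a plausible header.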

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b1a4683296b527f9c602bf5da3454f9e_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2852
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2520
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2580
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          PID:2480
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1848
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:524
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2436
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:209931 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2460
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:668676 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2948
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275467 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:568
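
A detection pass over the process tree above, written as an added example rather than anything taken from the report or the sandbox. The events are constructed by reading pid, image and command line off the tree; parent PIDs come from the nesting, since the report does not print them. Four rules encode what makes this chain stand out: svchost.exe running from anywhere but System32/SysWOW64 (masquerading), a browser child starting an executable from %TEMP%, the DesktopLayer.exe path Ramnit installs to, and iexplore.exe launched with no arguments by a non-browser parent, which alongside the WriteProcessMemory flags is the pattern of a process spawned to host injected code. The rule names are this example's own.

```python
"""Detection rules for the Ramnit process chain, run over constructed events.

Added example; not from the report or the sandbox. Each event is
(pid, parent_pid, image_path, command_line) read off the process tree above;
parent PIDs come from the nesting, since the report does not print them.
"""
import ntpath

IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
LAYER = r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
TARGET = r"C:\Users\Admin\AppData\Local\Temp\b1a4683296b527f9c602bf5da3454f9e_JaffaCakes118.html"

# Constructed from the tree in the report (order preserved).
EVENTS = [
    (2432, 0,    IE64, f'"{IE64}" {TARGET}'),
    (2328, 2432, IE32, f'"{IE32}" SCODEF:2432 CREDAT:275457 /prefetch:2'),
    (2672, 2328, DROPPER, f'"{DROPPER}"'),
    (2852, 2672, LAYER, f'"{LAYER}"'),
    (2520, 2852, IE64, f'"{IE64}"'),
    (2580, 2328, DROPPER, f'"{DROPPER}"'),
    (2480, 2580, IE64, f'"{IE64}"'),
    (1848, 2328, DROPPER, f'"{DROPPER}"'),
    (524,  1848, LAYER, f'"{LAYER}"'),
    (2436, 524,  IE64, f'"{IE64}"'),
    (2460, 2432, IE32, f'"{IE32}" SCODEF:2432 CREDAT:209931 /prefetch:2'),
    (2948, 2432, IE32, f'"{IE32}" SCODEF:2432 CREDAT:668676 /prefetch:2'),
    (568,  2432, IE32, f'"{IE32}" SCODEF:2432 CREDAT:275467 /prefetch:2'),
]

# The only locations a genuine svchost.exe runs from on Windows 7.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BROWSER_PARENTS = {"iexplore.exe", "explorer.exe"}


def args_after_image(cmdline: str, image: str) -> str:
    """Command-line text left after the image path (quoted or bare); '' means no arguments."""
    for prefix in (f'"{image}"', image):
        if cmdline.startswith(prefix):
            return cmdline[len(prefix):].strip()
    return cmdline  # cannot align with the image path; treat everything as arguments


def detect(events) -> list:
    """Return (rule_name, pid) for each event that trips one of the four rules."""
    image_by_pid = {pid: image for pid, _ppid, image, _cmd in events}
    hits = []
    for pid, ppid, image, cmdline in events:
        name = ntpath.basename(image).lower()
        parent = ntpath.basename(image_by_pid.get(ppid, "")).lower()
        # Masquerading (ATT&CK T1036.005): svchost.exe outside the system directories.
        if name == "svchost.exe" and ntpath.dirname(image).lower() not in SYSTEM_DIRS:
            hits.append(("svchost_outside_system32", pid))
        # A browser child starting an executable dropped under %TEMP%.
        if parent == "iexplore.exe" and "\\appdata\\local\\temp\\" in image.lower():
            hits.append(("browser_spawned_temp_exe", pid))
        # Ramnit's installed component path, as seen in the tree above.
        if name == "desktoplayer.exe":
            hits.append(("ramnit_desktoplayer_exe", pid))
        # Fresh iexplore.exe with no arguments from a non-browser parent: injection-host pattern.
        if name == "iexplore.exe" and parent not in BROWSER_PARENTS \
                and not args_after_image(cmdline, image):
            hits.append(("iexplore_spawned_without_args", pid))
    return hits


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule:32} pid {pid}")
```

The legitimate IE tabs (PIDs 2328, 2460, 2948, 568) trip nothing: they run from Program Files, their parent is iexplore.exe, and they carry the usual SCODEF/CREDAT arguments. The three %TEMP%\svchost.exe instances, both DesktopLayer.exe instances and the three argument-less iexplore.exe children each produce a hit, which is the split a real Sysmon Event ID 1 feed should give for this chain.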

Network

MITRE ATT&CK Enterprise v15

Downloads

The 20 CryptnetUrlCache\MetaData entries below share one path and differ only in content: they are the same CryptoAPI URL-cache metadata file, rewritten at successive points in the run as Internet Explorer performs its own certificate (CRL, OCSP, trust-list) fetches, and the Cab95DA.tmp/Tar96AA.tmp pair is typically the root certificate trust-list cabinet and its extracted contents. None of that is attacker content. The one payload artifact listed is the 55KB \Users\Admin\AppData\Local\Temp\svchost.exe; the 184KB regions at 0x00400000-0x0042E000 in PIDs 2672, 2580 and 2852 sit at the default image base, consistent with the UPX-packed dropped executables unpacked in memory, so those dumps are the ones to take for static analysis of the unpacked code.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    019a60619cc6d41d792c3fdc30e70a99
    SHA1   448018746916efd331a42d35212d45c515fcadb5
    SHA256 d9147fce1fc6249b0c6fa3eb1eb5cbb003126261f180ffd3c20b02949b234079
    SHA512 cb5f9b474bc253be6418d18b9016ad9c8025ec82f85b95060d21876edf8002491d113542c371de905393dec604e4359046b5814de93484be8b06cfe8d27abc35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    23b8877e5ad3e3ae7aafeb7ebacab450
    SHA1   ce57a072be9185c3362679211d821c09693090bf
    SHA256 5431a25417a173f6ef0c27972befcbd187b5bf89b16de40a66d88ebb5b477976
    SHA512 9c90d477c841120adf9e0431464b009022ed2d69f78b498e66bc2f943a60abea3d5fff53153d977775e6ab8dbc73b5d7d49dfda716085cdd2e41c673db0f0a73

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    e73251945240a20ebaf75256955fa6ba
    SHA1   04a3f946549c9d088f47140aa4e4a0b196a6a718
    SHA256 c1736aa84e8f17551476f016885b53a12ca61c2e76a3a98e08430f0696c0670b
    SHA512 a809522b79623a6cf054d28f9ffea0d9f38946735d58dda223f6c41b5ab8e8500c96c8de7f574c52743cfd2123d719fa2c6a5a777fb57db842d4b24915ac21fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    fcfb3f0b107963ad2c8fc61804010fdb
    SHA1   45a76d5f5081705568b5281aceaf4dc1f448deeb
    SHA256 1db7eeff5679c8a84c9cb1eb303535a01c452983e4a047eff76318dc726a14fd
    SHA512 72663afd1528a1bedf1c2a0b90ec3fc4b2d5bbbba1617cd669dc6b74e642b14a43e691d3e6cfd397d6fcfd8f037e131e4895db09af9800ef1573118c934f0258

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    f854026aa9615483f27450217d25e1bf
    SHA1   8fd9c655c7ba76a8e7d141289d5614da10575e12
    SHA256 d45faeebbad8d0de26748103bd81fa89de17609297b268920fa8a5bec7ace8e5
    SHA512 9c4f38c00e7719b7b9609c68c316014ffa75c1b1291dc58dcef2437f04f1ac3d9cd0c052d113bcf7fd6c50beb85378c5ea1114a8bcbf529c86abe27c5ae52f2d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    cb168d30d401f3eb409c8feff8ac7b57
    SHA1   77fe2d91032bee71ea04b053ac5c5ff9e8673eba
    SHA256 dc14245cd9559edd93f60305e8bcc59b98559a3e3409069dc3e1faafc5af869a
    SHA512 a41f2f619f852cafc44dfa32ce8c8621b4280c7699ecd95c792f75b3c6c77665813dd722177703685ea99a12fe8dd423002b362874074f487abd375021cdda19

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    2c686781dc61648271a26f3820e1a74a
    SHA1   ab92a2e9abeadf843ff58f09cad0d980853ab8d7
    SHA256 ea61bd176e5a13398e713512687d221dc078f47cb8b98814c2e75465d583af20
    SHA512 22d0af024b5336bd2f8e48e693f51f0da4a8de4ec57575ebecf7604537c4ab2c54fc9bf24ab43fff4a4f2be9bae5c7705e8aa9925f638783e1c1518fd0df7f38

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    6febd1bdb7d0767e11ee3f72f83338a7
    SHA1   044a6acd7e8f38982f8e08dd56a19bd56a5b711a
    SHA256 d04277e457502693fb64fa450bcaca5f29580ffccfaecb7864703476047d441f
    SHA512 52028941ef749539dc1854de429a43454c6c65823829d51b01f0de08c645fce192ff0cc7da35a849a26b3a3c2f9064536266e5d5c0f01c496016f3e6da55a1eb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    abdeaddaa75cfc021d3202383f960ce1
    SHA1   b292ba59d543bf320f2ea761ce97deb56773a81c
    SHA256 57c714149f3d04855b759e0577d8fb48431e9b0121dbd63b2c57b2195dd2376d
    SHA512 27be1a0808cfc8d4751265379f93de7fe6be72f39ac56a18863b7c6db615952b75a17454b7b95131ff47846036b76c397feadcfb8e70750b9385a522ad0f09e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    1184d4ca3e4afd4312cd10937ae5cd88
    SHA1   db3f323c231b2e9a1413e8dcd8a048fded661232
    SHA256 10f013562ef28ebf8e17aaee7d922b3e8862ec7c52fba9facf98e648c8651231
    SHA512 9722c0c81604ab8dc139c62b4f31ea5b85092ca84a2ddab5409a4a17d6109053f5ae876cf6cbf3b6464cc94607815c22f6898fd1e755151dd8f98ac68fdc0b4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    15452e9021f23fbbb5ca66e32c87c508
    SHA1   ed2123eb4a05b9a318f021a7f98855d9173cc11c
    SHA256 76f72feddcf70d6814f438beef8b15ce19c207190c7a2bbd3772f4cc7e46b8df
    SHA512 e3a2e071d2abafd915ff2d381a40317c49ab6f7398d905db8699cd1eac6f05483d6d34168f040d591134f4f4e2abf518f2ae9b7f40ea152943aa26aed941530f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    6384f415c9caac7c198352c08db9355d
    SHA1   e90ab24f90b2515bf8f19ee8f2d0fa0197f84e5d
    SHA256 4853061b48113aabfb3d4e50741c4a240e14a12046963eee67f2e7c3a306dfdf
    SHA512 042f1a4652bea501f6e16196a10c9c9cf69c27ddbc7f34907c925e2b64a94a9f8912896288109599a14d1c3785c22fd353e51c8754e1760aeb5a3b1d9b189e04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    4225c1a1e55d7be7a63c9f30f9b085ac
    SHA1   c2800f114c10a9be2ebcd9b598d3a37109b65c35
    SHA256 2f2f97e7d730688f9f31795664a856352202569e103780cad37820fbca11ee6d
    SHA512 97a213a16a2d384281f5e86b2ce2248fb73ee5740572177fb3f8701a9fec8e24055af6a857a716dea0ab03e4c725723c4256232287099205b649796f5e676293

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    61ef69a4f4a7c7b72da9d48ad2af9ceb
    SHA1   f91d09955d1cdd698bb1ff33d56ae1a43fcf7f2f
    SHA256 6a7cc9b77d83e4f18ee01235d71330259b42a77ee61b11b6f125f47070dce7fd
    SHA512 bff9a2bbc0f553b618d702b3f393ac9ef134031574831d0677b5c747ff8b0a5836f19ad372c5092e765712238365530be533464591eceb7f938582c7c39d1980

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    22ba2a3ea55fd6bcdcc140b345f003ac
    SHA1   4039e8b1e7c9a276779db003748d565b7c05f880
    SHA256 aa93670a5fa08619c72a5a72f624117d4dae144fcfa1029e078a5d41f385c4f0
    SHA512 096d99dd351e44694c39c7a0085eb32b9edaa3b7ac7b901ffba23f283769c2ab6400b6839f0f4e9e4c1d71ded41df8f8c5798df2db7ba9faf27697a10310f9f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    a94412e04980e99992935b56a2c92ee9
    SHA1   158acc5f5021753422e7a1921dadce8342af80f7
    SHA256 8d61853eb672fdd6fdad2ea0e6a045f48747208c33fc05f7ee82ead5ed002e57
    SHA512 29c96ff14e68c796bbc4e36da8cec88a2914742eb91937fddeb9f445bcfd9e3e8acc7481eec3e16a9f54cea41850e181c6993a6682de20a22206735a6e44840f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    f653cc689d03bb9ffe21a69d76147bbb
    SHA1   467e5220180eed53b03f759f1d408a8e27f8381c
    SHA256 5406ed878efa868f0fac49796a38425d1c5c202c74a2f5ff534264cbe4898661
    SHA512 82332257e04f558bf2b1c2d04f728e23b7ea8d7ea2a4a5291266009d7fbebd2969998d95750c400bb12e563894595c3f3d98f1185fc9efcc0a3dc8e6b757a7cc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    20334d3150a44d5d88152dcc0468e3ff
    SHA1   778cd01bff81ec8dd47bfd2dc47a6cf745773460
    SHA256 93d5c15f084b1b9393d6cb5d463d77100919a5662c32c0b812f4a3cd503b9514
    SHA512 2620af4f136e0930ddf0b4d9251c836dd29bcf6cfd812096f940c8e1740bf1b38451e2540be6aabafdce1d1a9ff48df5c299c3399bb72592b690025a91906ae3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    0e6259761ce4407726351b7a9f383dbb
    SHA1   de58a1a05593422cdb303b44b3199ec14e160b51
    SHA256 42d54560fe2efba18c587f8a527c4aa85665ca225e494150831973fb3be1e7e3
    SHA512 79e18aa9998ea683afd15c38d3014382a13e220dbc31fbca3184cdec47c167a6b1dac8dcef69e40747ce61dc064e7a29a902d518650ad108b308f1c9200c40c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B)
    MD5    88e779e037b4d06ad5d08092cb2e6a2e
    SHA1   4477f5aaf77f7f7d0f61a51e03f24e22ac36caaa
    SHA256 80ebd70f7c9d846c3184d87f936322aaf67b61432dabf0fe0a33aa5277204f64
    SHA512 5a2e7e94a500e21b0913c16c1aaf6b2b779b7cedc24b6bd82a93f614e996e50341a10bd62b5b97086efb6f587741e1f58ca82687349bc9ec4c716d83f3305208

  • C:\Users\Admin\AppData\Local\Temp\Cab95DA.tmp (70KB)
    MD5    49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1   1723be06719828dda65ad804298d0431f6aff976
    SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar96AA.tmp (181KB)
    MD5    4ea6026cf93ec6338144661bf1202cd1
    SHA1   a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\Temp\svchost.exe (55KB)
    MD5    ff5e1f27193ce51eec318714ef038bef
    SHA1   b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
    SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
    SHA512 c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/2580-24-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2580-15-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2580-21-0x00000000003C0000-0x00000000003C1000-memory.dmp (4KB)
  • memory/2672-14-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2672-6-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2672-13-0x0000000000230000-0x000000000023F000-memory.dmp (60KB)
  • memory/2672-19-0x0000000000240000-0x000000000026E000-memory.dmp (184KB)
  • memory/2852-26-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2852-28-0x0000000000240000-0x0000000000241000-memory.dmp (4KB)
  • memory/2852-30-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)