Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 04:54

General

  • Target

    b1cf832928bba1e48a9ff55b49669c1b_JaffaCakes118.html

  • Size

    120KB

  • MD5

    b1cf832928bba1e48a9ff55b49669c1b

  • SHA1

    e99ba3065fc58c3edabf7ceb5ca0b6e6cf5e1b00

  • SHA256

    85119b993bc8dd097e44f25e937f4cfef931d8ccc7b74e27db960ac61670fa06

  • SHA512

    ebfb1c148f769672611eeed121371bf8466140b5b2e2cfe120a4c926a46f8fc763f245f403084df4783686503c586476ebb02f142c2a3e2e1a7036ff313eec0a

  • SSDEEP

    1536:y3bFvDW7yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:SW7yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose members include viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b1cf832928bba1e48a9ff55b49669c1b_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2212
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2576
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2720
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:2264
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:209933 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\Cab2D99.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar2E7A.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • C:\Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2576-8-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2576-9-0x00000000002B0000-0x00000000002BF000-memory.dmp

      Filesize

      60KB

    • memory/2720-15-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2720-17-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2720-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2720-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB