Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 04:58

General

  • Target
    b1d3285e50d7a138918369eb7ce8c4aa_JaffaCakes118.html
  • Size
    146KB
  • MD5
    b1d3285e50d7a138918369eb7ce8c4aa
  • SHA1
    a90cbb1762717f3dc9a9d0a4bfbc26e9d7aeb9a9
  • SHA256
    88bf169afd3c2088dee82cf11f1de524a42701de400f2e20ea880ce1dcccdf18
  • SHA512
    3d4ce79e13383204cb817431b54730f6971a8fe87bbbf461aa4bd7257b6cf7ae2f72eca2f09c034a89e0a774b240b0f1ea7d165bac78318aa2be13a8020a06a8
  • SSDEEP
    1536:ajuowiyyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9w:4uo6yfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b1d3285e50d7a138918369eb7ce8c4aa_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2692
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2748
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:209933 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2544

MITRE ATT&CK Enterprise v15

    Downloads
