Analysis

  • max time kernel
    130s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 05:14

General

  • Target

    b1e0b8d6dcaeffa6cc07ecc2c34df089_JaffaCakes118.html

  • Size

    156KB

  • MD5

    b1e0b8d6dcaeffa6cc07ecc2c34df089

  • SHA1

    acbc3f3af9e009334c5240598ed745227d583b34

  • SHA256

    94c8195b3e4748949bc8e56d3ac7623e49a801d5fbf7c12cca37983e7475228e

  • SHA512

    7c8006df3750825d08618abb7ed2d05015470c06a32777f7c9212226be511823e26e93a0f024801e6b9e05abb830bdace1a6df2d5eaaec5256c200b4da3faacf

  • SSDEEP

    1536:iKRTvoFU7AVpzL4yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:iI5AL4yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b1e0b8d6dcaeffa6cc07ecc2c34df089_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1644
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1352
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:1456
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:668677 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2724

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1352-585-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/1352-586-0x0000000000240000-0x0000000000241000-memory.dmp (4KB)
  • memory/1352-587-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/1352-588-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/1352-583-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/1644-577-0x0000000000230000-0x000000000023F000-memory.dmp (60KB)
  • memory/1644-576-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)