Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    16-06-2024 06:01

General

  • Target

    b207b61137f3e0bf72e049ca5a511683_JaffaCakes118.html

  • Size

    158KB

  • MD5

    b207b61137f3e0bf72e049ca5a511683

  • SHA1

    1b2261a61284492b61f1f7a9d769f7fd32ebc961

  • SHA256

    cf0819a77ccaa0acfd228c0c85d2fe2f2716b8baa591aadcb98b102e73e4c453

  • SHA512

    b5f4f220be2ab612f834c3a53e6c2a68645692602b45d2f3e933d13ae7f9d4ff942b536220f31b689c51d371747a9c57be5da4f176c03f067a4262cb95e30cf0

  • SSDEEP

    1536:i3RTXEutSPwg/fnuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:iZSYgXuyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose variants include viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the UPX open-source packer or a modified variant of it.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b207b61137f3e0bf72e049ca5a511683_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:968
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:924
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            PID:1028
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:209946 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:600

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Cab9955.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar9A22.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/924-448-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/924-450-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/924-447-0x00000000002C0000-0x00000000002C1000-memory.dmp

      Filesize

      4KB

    • memory/924-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/924-883-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/968-434-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/968-441-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

    • memory/968-437-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/968-436-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB