Analysis

  • max time kernel: 141s
  • max time network: 142s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 16-06-2024 06:02

General

  • Target: b208c7d4544bf1518aa275d3b9b9650e_JaffaCakes118.html
  • Size: 116KB
  • MD5: b208c7d4544bf1518aa275d3b9b9650e
  • SHA1: 4145e3c0d224a02f8c8061fe31808db41de01fbb
  • SHA256: 88fc9e3994f40b6d8e151b4d265310342477445f784286a4e24769471db0e61d
  • SHA512: 9e9526e13a77b7d96f88b680ae6e3a152f39cae0eb3826cd01603852d254e04a72e07044dbe1dd5d117ada85608075f9eba800161f963abf87bdb5419a112f38
  • SSDEEP: 1536:SCESioyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:SmyfkMY+BES09JXAnyrZalI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family whose members include viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1460)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b208c7d4544bf1518aa275d3b9b9650e_JaffaCakes118.html
    Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1676)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1460 CREDAT:275457 /prefetch:2
      Signatures: Loads dropped DLL; Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe (PID 2616)
        Command line: "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        Signatures: Executes dropped EXE; Loads dropped DLL; Drops file in Program Files directory; Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe (PID 2620)
          Command line: "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          Signatures: Executes dropped EXE; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
          • C:\Program Files\Internet Explorer\iexplore.exe (PID 2560)
            Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2532)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1460 CREDAT:5911555 /prefetch:2
      Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B; ten distinct versions of this file were captured at this path during the run)

  • C:\Users\Admin\AppData\Local\Temp\CabC04.tmp (70KB)

  • C:\Users\Admin\AppData\Local\Temp\TarC03.tmp (181KB)

  • \Users\Admin\AppData\Local\Temp\svchost.exe (55KB)
    MD5: ff5e1f27193ce51eec318714ef038bef
    SHA1: b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
    SHA256: fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
    SHA512: c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

  • memory/2616-8-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2616-9-0x0000000000230000-0x000000000023F000-memory.dmp (60KB)
  • memory/2620-18-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2620-16-0x00000000001D0000-0x00000000001D1000-memory.dmp (4KB)