Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    16-06-2024 06:08

General

  • Target

    b20e56708fccfe5b11cd616952ec381d_JaffaCakes118.html

  • Size

    157KB

  • MD5

    b20e56708fccfe5b11cd616952ec381d

  • SHA1

    97b31837311ccd2d7f834fe58a0c54d18ef81a5d

  • SHA256

    b003ad07f887dbd56b260ec3b6d70bb2936592e50d0df67d5bd08106414731d8

  • SHA512

    c5b21ec0f3ae921d3d2e5650298566ea28a682c7a7e275d851f188ee42f4ce733f320bb85db4041d98b9b1ecfc8b4a585c48dcf2c801d2a005fb0e0bda97d09e

  • SSDEEP

    1536:iFRT/B7hRLaEDIlVultmyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wee:iz9lUm/myfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that comprises viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b20e56708fccfe5b11cd616952ec381d_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1028 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2176
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:984
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1908
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:928
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1028 CREDAT:537606 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:708

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6d0cee1506cb3ad3835b4d5e36aebb3b

      SHA1

      493173eb625ddb984a4fdb266b126e4e4771d739

      SHA256

      5744d898680c72761cc76cfbd0933838648235be1548ff7f0319811b13880630

      SHA512

      b5f4520cad72eaf6540953a03ed53203a1ec1fa139e647814fecee960137c9452ca35dd547d6d02ff4bd31087e72aa341ca6fc5114d0d3c6ce45888e79ef46f4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e0032b26524db1adcd704d851535576b

      SHA1

      22810fd84497a5f980c2e87a5bb9cb90a778f9b2

      SHA256

      518067d3a61430858dadd9203312152d001d5716f09e2f2afcc3d61b1929484b

      SHA512

      1d601ad26156439fa10264d2b533839c8061e4708490de177eaa48e8a7e83328ad0545a10d113aab0eb111f7f38e26653a16a89fae25ed46e8f007505c2223be

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      25e6d7ad7002196ae4a69282a0915211

      SHA1

      72b29056757b3f251e4b3758cb6d988eaacc8792

      SHA256

      23a655a4b6de3e1a7b91832ad914dbc796777e1dc83203b82f55fd7854dd36c8

      SHA512

      febb5d8020337fe6ca4e18835dd726c88b25f7d66e2ce95c664431b5d4592f624f7849b7846cf325bba75c04384059f5ffa85db8bcfc963d6d52b5d8ad4f9870

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      919bce5cbd3ce4f4c0b25390f33f80a7

      SHA1

      a143ad5059b208cd2b76c2861b83b229573d96f4

      SHA256

      686d29894b183bcd84e3b3ef0e72c355b2745774e5d0d7641ba614f242dcd499

      SHA512

      17626e09544126d0c4741f73bd412f834aba020d6062ebf90293e6417966bb3eebc9a64c47a9a2b29cf575aaa3870d983012b4bc548f727b469de639ab557859

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4f0c72d6fc6adfef48eeea3f22a93bcf

      SHA1

      e4906bb81c760117b1aa526d624fc5ec79401ad8

      SHA256

      3afe13e859dca833f6c8538332a7ffd5cfdafe9f38854b4407f204deb736d3e6

      SHA512

      ec32137b3e7c96faa3a1853b7d7f6cd0ba0f7f2575a6e9c7377710b05973bc421f2dea4f56f3d071e67c0f2d48a2f2bdff21317b62221bd91697040c2bb30063

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6e166f09ddadb6bf37b8d5b26eb80cee

      SHA1

      eb3effc7c72b63551fdb7b23ce607490837eaaff

      SHA256

      a3977f57bc2a78fcba7b3fe9d6c24b6f9282a861a17b68ce0fe22726bb11fcb1

      SHA512

      693f6ce747a04f789094253095d3803aba2f1aa4459668551b58c60d46acef17a128d8c7f6c40a6745f56a473c7b66a3c4f4f0a217d1076beef6ca36cf1bddef

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9d0719801f3fb7d640fb5c3d575235bb

      SHA1

      ed290f6f2b803810157e604f075479aabe55c840

      SHA256

      beb19243bfac2e68f97e23302a04a5c0b407470e89e53ffa5d0debc7fca352c3

      SHA512

      0b2971b8165154caed3c42f0b88cc4591685810be8e3881fee7a57211066236e78661e0d0a62d544a614e076cb037d7db3a4d93bf357abebd823bbdcef12a896

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      858972c8d2c8bdaa61303f497b0b2e37

      SHA1

      6f1a47ead03a64e12d3dfdb5893fff13b809e2d5

      SHA256

      68e4963da0e608bac40af55fdc8b681f471cb3d56314b67be8f8a644da085916

      SHA512

      5016b712c2a80f851968d060f490386fce6a08aafd9c6f514ce26cb7a6c4b83b5abb9199372050c201dff1f4ba40f7eb08c0e20f218812af3fccd6d1fb7fcf9f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      28cb1f9f13d4aab98e00783d01ad1819

      SHA1

      2b4f06429d50717b2fdd8e9a189be5768553d0b4

      SHA256

      80ac595800e46258efc199adcb8ab92c5ff929f6a6e699540460ae1ba4f575d4

      SHA512

      2b1445129b965b80f6b52112cebf376ef03121db5b05aece705f7e00f7e68839cbc182b471ba620dffe3f4f9b69bf23081e56b80bddc7518c637cfc445ab8f05

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fc235d5bd5f0f98e23c3f39743c19154

      SHA1

      423521383a089c69e86a1c0662e482200d1ec0a1

      SHA256

      de70117b0713c9c33bdb323b8c9ba7599b8b925c60ef32c9224a70474072340b

      SHA512

      d3a7cd21e08786db36cffbbeced48a601c4a9425f5ac97da1283434238e83e349c87ba62a8ee15a9acfb48bd02e9c1b4b560facad8970e4b129f1a765f46fe8a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      44cb652359de8031b3dfbfa7c834b6cf

      SHA1

      994f0f788fc6e7fbaf6efdf3dbf870cd2c2a8930

      SHA256

      d276d39730ca3395e6d1af3d490907be550aef06c26eb41a6d2436722a1eb8a4

      SHA512

      ae7794e800995327a7a73f62b228bc7aeed3bb8526c97990dad7b835ef990564e22d8ca2136c62e0fa788b29784c43dfc33232c77a015f435d121a8c7d2b5adb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d2cc8eed2e5b0e070ff50639efc6490b

      SHA1

      bb1f22084e508c3a0ea4df61e74c17cb64b9ed79

      SHA256

      434b0f0d41f14a250a28745c00249170c3ab370797c8d8cb5b01c1639e3e1dab

      SHA512

      caf7077f93c7416763df448b9c2d84326b0794a3eb561a01319997c02a86b2006e2dea68be341a38b8bc068d8beb68e8590029aff10f7c0902ebf7b285ce1a2f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a4b3d817f0e88f6ff88280385e61b323

      SHA1

      688f67cacf9d08232fa36aebd6523f1bb77cd31b

      SHA256

      319d9091bcffb7a6ede41274e79918d6b589992351e46825edf6cb1e6c66941b

      SHA512

      3e776e6bf070f7b7530c71d3f4f976d187ebec8abe2e18390ba1e7aa6c9140506bd76adc989151d71d846c2ff9a9509fb1cf5ce5e39abf325f0a0e6aa4897059

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d07a35af889883b71662d6874973cfcf

      SHA1

      412d410cad7f82f2156a5754cc16386db7dbc532

      SHA256

      b2c4dccec58332401833d3e0bc411fd235b72a1f5f7f351e10ca273c8a999224

      SHA512

      7b774fd609a03eacb6596194bee427d6252e114886fea544192bc6bf476420c9f16c352a3c8ae22f2788b8d52230dc618fef49a0ef8b6ea8fe17dea4b4a53e69

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      db4699e40d4ffa4fe1fce4a63822eb09

      SHA1

      4d3c8889835e3284864c641d77b7756e7e60c199

      SHA256

      d7223fab5051a3fef3db20ca5decb486d25c2c0d3efe51a774221407b0946bc2

      SHA512

      3927c0144b598999255d019522a595a6a0322e54c08660b5b6796f624c29ae5c64d5404be5a5c583c0e6e15a859045ac14dde7af2f43e6f7d8706bbfb88866e1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      aec58899e3e3735dda37bc575cc7ea7a

      SHA1

      746fce0084593946847e8989adfa2a84f7bd3b14

      SHA256

      44a83994822992e3b3110ef75ad09e4b1f825f2b653776e99cb4587d4e1826f8

      SHA512

      388af692abeb40b01d560aeefe6af7c928d05aac25f968824404ea4658dc6bb8facd20191618d22a8a87fac20644d45c54e1264a4616859de65dba8e0a9411cd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      680b1121a70730876eaea6d4cb617f9e

      SHA1

      1a168bcd364a3eae81be085ab5a17fa615745d1e

      SHA256

      0493a461902c92dc95e1f039dcd81fc42a739e66efa4d838530f6fcd6baf27cb

      SHA512

      d3bd7b1e7388fddf91a345a7590a93dd39818fbcf38ad67e1bb0e08209db7e1d4fc5d34f596cc645d2514d322a0272717c8756c9794af0f7f48faa95817a281d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      09c0fd4f5814c5da13fd753516a18b3a

      SHA1

      14c7affba006becca1940b6aef79a3bfaa46efaa

      SHA256

      2af6f851da78f9dfb420ff89d00caf27f036561e4d9db02acf8dd78eb6fe1e1c

      SHA512

      0b6c7f61305a2a279ac7e7e5954f3f34d4409c950b2638ff3ac80f65260a1ac1b9d2151566dfe989ebc542e4e395ca94189a7f06d25884f7d290153f96f971ff

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e4b637d716e3b014a24a8b0b06df5abb

      SHA1

      c1f2aa516c5152ea0a8b270644c65fd71caa0298

      SHA256

      81f8feebe8a04ba2bce48655702d2059bdfb9b165e7b882a9fa1c851c113a92f

      SHA512

      9486a87e691b23454160b72e547064ffa2bfaf4e969ba9a7fd95fdbace578cd5be2f5a0b380694be45dcfd36abf7dc492b6bb1a86940bb874136d0dd4d7ca7fb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9edf11be03cffd912d9de9257fed7304

      SHA1

      69dd1fcf3c636aab61fd85cf95c09154fd552508

      SHA256

      ebcf1f1515c434089c8f0fe3f0820c4c596c011b0061ca96821f927f2694e9f7

      SHA512

      7cdd57610d74ff2817070d2ca7488f1f956618e5ab5721dc35f2d2091fe0a67d15f606482753730c722bdc4971d883e711426d2c21ae034a71945b75979adaef

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1ccd8309685173bf1f9e52140539bfab

      SHA1

      8b89d9c639ec0edbe90f5c73ba00c3f90e28565f

      SHA256

      3f707f4b283afdba4f59276c90ca090c3838199eeb03eaca4be8163f74e8a220

      SHA512

      d9ffbe716123dce66b7a29057888b7a043b0b2e550a3067c74ac34e1e83076e47918e815f2342477a45b4db16847c114185dd84cb9a34a467633c5e768b0bb98

    • C:\Users\Admin\AppData\Local\Temp\Cab1872.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar1911.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/984-436-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/984-437-0x00000000001C0000-0x00000000001CF000-memory.dmp

      Filesize

      60KB

    • memory/1908-444-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/1908-445-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/1908-446-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB