Analysis

  • max time kernel
    118s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 06:56

General

  • Target

    b23c75053e040696bd315a2e4a2d95ec_JaffaCakes118.html

  • Size

    129KB

  • MD5

    b23c75053e040696bd315a2e4a2d95ec

  • SHA1

    249a4b9891b9a3b46ed8f31acb4948fb474d5add

  • SHA256

    6be3ecf66133e2ba67a2eeeb4cde26bd1be9d1d10d6015283cbe27f993fab822

  • SHA512

    dbba6c949f8b1dc6b7aa792f56c06757c4222acb09055338dcbcc9d395a0662dd98a7a89148ce9413ffcdd881a63a286be15e16a37eb753759370745b7d6f30f

  • SSDEEP

    1536:RGBInDKr11VFTyetH0Hjsqv58fGz5myLi+rffMxqNisaQx4V5roEIfGJZN8qbV7e:RlDgtdyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

Ramnit is a versatile malware family that combines file-infecting virus, worm, and banking Trojan components; it commonly injects into browser processes and drops a copy into Program Files.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b23c75053e040696bd315a2e4a2d95ec_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2696
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:2156
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:209933 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632
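The process tree above is the part of this report a detection engineer would turn into rules: a browser child spawning an executable named svchost.exe out of the user's Temp directory, that binary starting DesktopLayer.exe under Program Files (x86)\Microsoft, and DesktopLayer.exe in turn launching a fresh iexplore.exe with no document argument (the injection host). The script below is an added example, not part of the sandbox report: the events are constructed from the PIDs and paths listed in the tree (the root's parent PID 1000 is a placeholder, since the report does not show it), and the rule names and thresholds are the author's own.

```python
"""Detection rules for the Ramnit-style process chain shown in the report.

Added example. EVENTS is constructed from the report's process tree in a
Sysmon-like (pid, ppid, image, command line) shape; PPID 1000 for the
root iexplore.exe is a placeholder, not a value from the report.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str


# Constructed from the report's process tree (PIDs and paths as listed there).
EVENTS = [
    ProcEvent(2764, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" '
              r"C:\Users\Admin\AppData\Local\Temp\b23c75053e040696bd315a2e4a2d95ec_JaffaCakes118.html"),
    ProcEvent(2768, 2764, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2'),
    ProcEvent(2720, 2768, r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"'),
    ProcEvent(2696, 2720, r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
              r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"'),
    ProcEvent(2156, 2696, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    ProcEvent(2632, 2764, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:209933 /prefetch:2'),
]

# Only directories from which a genuine svchost.exe should ever run.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Anything under a user's AppData is writable by that user (Temp, LocalLow, ...).
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
BROWSERS = {"iexplore.exe"}
# Parents that legitimately start a browser (the shell, or the browser itself).
NORMAL_BROWSER_PARENTS = BROWSERS | {"explorer.exe"}


def _dir_and_name(path):
    d, n = ntpath.split(path)
    return d.lower(), n.lower()


def find_findings(events):
    """Return (pid, rule_name) pairs for every event that trips a rule."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        d, n = _dir_and_name(e.image)
        parent = by_pid.get(e.ppid)
        parent_name = _dir_and_name(parent.image)[1] if parent else None

        # Rule 1: a system-binary name running outside its legitimate directory.
        if n == "svchost.exe" and d not in LEGIT_SVCHOST_DIRS:
            findings.append((e.pid, "svchost_outside_system32"))
        # Rule 2: a browser spawning an executable from a user-writable path.
        if parent_name in BROWSERS and USER_WRITABLE.match(e.image):
            findings.append((e.pid, "browser_spawned_temp_exe"))
        # Rule 3: the dropped second stage named in the report.
        if n == "desktoplayer.exe":
            findings.append((e.pid, "ramnit_desktoplayer"))
        # Rule 4: a browser started by something other than the shell or a
        # browser, which is how the injection host iexplore.exe appears above.
        if (n in BROWSERS and parent_name is not None
                and parent_name not in NORMAL_BROWSER_PARENTS):
            findings.append((e.pid, "browser_launched_by_unusual_parent"))
    return findings


def chain(events, pid):
    """Image names from the outermost known ancestor down to `pid`."""
    by_pid = {e.pid: e for e in events}
    names = []
    while pid in by_pid:
        e = by_pid[pid]
        names.append(_dir_and_name(e.image)[1])
        pid = e.ppid
    return list(reversed(names))


if __name__ == "__main__":
    for pid, rule in find_findings(EVENTS):
        print(f"PID {pid}: {rule}  ({' -> '.join(chain(EVENTS, pid))})")
```

Rules 1 and 2 are generic and fire on many droppers, not only Ramnit; rule 3 is a name-based indicator and is the most brittle of the four. The two IEXPLORE.EXE content processes (PIDs 2768 and 2632) trip nothing, which is the intended baseline: a browser spawning its own frame processes from Program Files is normal.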

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0e4931c4bb03f543a3b4633436f13bfe

      SHA1

      1643ce3b17d6000942e374a1f020e41f5b1d75c7

      SHA256

      b15dd3e5a282764d15e46811bdf56e647f2c42631f458673b523d85e358aea85

      SHA512

      d12e0a8a289bebcbc76a3192128d04e04f412bfdf6714c7323479fcde60f3c0c5df598a688785781ce30851aff2245f5dc36331d727f0c485af312400eb2a09e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      22a6f02d45cbe7705bcbba70d3283543

      SHA1

      ceb345c4bca652e5ed0770bbe055e55c997baace

      SHA256

      108dc62283f61ad0a006338fe2aa6dfc76eeb47352f19496e14e148107e62c92

      SHA512

      bde5c5c3ee1cb570c4d9db4746a6702ffd409ccfc61875cc6aa8c93164b1844b0f627bf6c80f020168fc9f07de7e9d8f0150e99ee96bd645319b615411f99c42

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6028e1088b44714d2b54aeed8b0fff86

      SHA1

      aba128cff0ebfddcdebad089fee5f7b13a21b513

      SHA256

      5d6de3ada6ba6c415c7c7f14381867fb5b27cf7e3b4bfcb4fe2b95c2da1537df

      SHA512

      7aea7d46345745d099aed1a92ee5eace76dc5ca099a8d09219eb86ccd92e039a64e8752c0767f681e383640c8041f523b8e04927a524ca2f28050d6f0c9bd1bc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8a590e3962c53ae0e0e9794126cdaa39

      SHA1

      0981882fd85f3be9d1c94296f426e8c7073d474c

      SHA256

      78cb1d957d4001b17bd38c21e4f2379a5ba15016487d0df4b56b61f22fa54821

      SHA512

      9003392834190535ca804c126b5c25f03b6688c2f091d42041660e5bfd211b030752e38f99e1176ae1963513ab55908eb86c726cd6550970c09e75d08270e18e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b121746adeeb82439030fb5adff8e85d

      SHA1

      b5702bdb3cb31abcdd185059b144078ebfe819de

      SHA256

      e99d7d1985a4073747488fe02e6c53e71b8875a73dee4f8d0dffc37546d4478c

      SHA512

      68e623f11637f982e8520c47abfc9ca3a7e5eb3cf99618c1b72990f7d932f69d05a454e00ff530051a9614c0ee6496ea57e352ad20a350708be2a683d73990d5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      730e87ccf8f3a5d73202279ae099fa51

      SHA1

      65b378fed5c95736c19914ff73733524e1fca0cd

      SHA256

      51e3b90f64d753e99a4db19659f91e458a80381a948ffaac1fab15255cc38412

      SHA512

      52918d0a0871efba3664f7f333dc0b82d0a086db164633c6aa6c25aedef4899559a4f8b68580377b74016eba0e2e264486b8dfd4d02b0cdc224fd0853a892f43

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      62f7c8c1d6c3bca7fa9127bb8252bfbc

      SHA1

      14acbea6f7b295dc2531a9a951e25918ac256799

      SHA256

      2af42f05d03eac5c7ee23cbc034d3cd3213883c5c24e6b4e01605ebc75cb2129

      SHA512

      8b79a825e20c83305595fbb00cd3630336c68c7fc72de6828abff702e596a45dffb00515b1e868d8765bce5a7491b89babaf2e6d8d3947e33168d20be839b615

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ef261839b06130b8cb77ab76c1f943b0

      SHA1

      6e785ff51f123c31c91b4b4c85072d9e0134a3ad

      SHA256

      1ff1683703735243bfa498cbf4eef17a43d67bec44d2eec1257bde85b7942013

      SHA512

      9752d863c675de71cd6b51207ad1434529039bd9e0afa37acca9dd682663a0d3bb8bf951c8d38f5a1423320720066703f69f7a3b86564ef02fd1814347b325b4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c89f696ddcd8e8e350da3e71e39327ab

      SHA1

      65bae15b798ca6f46713dbbd0541c137e734c8c0

      SHA256

      161a956fec8226d493cf6f4884a61865841291d193c9cc196642fd1bef7fedcd

      SHA512

      c5a2de7e2dc122d2b2e4efb3cb9ccc7fa0b08fdeefff07144f1d05c780c20a04c0d9442460c4d4d92bb508b8d6d4224f3bb37588f0d23bcd40586cd6875f4a6e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c1a70bb5de138c111a14f7dc416ee53f

      SHA1

      6737a27e344602dda6a1c9940fa0fe03deba7e8a

      SHA256

      ead05bc63edd8d343bc27e0b9b74f2572a516027d98131f8bd1494fa4ed744fa

      SHA512

      a72bca1d69665fc030c6fb3c36b75bdcc670e558fb8e2b180056175a9af7315466f905e2e4bb0447c1b49e304807a0739f0bc01aeb4bf503c00e05ea01de5368

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e4b1e0bb2ae421c3f93c315bd569cc10

      SHA1

      4edc5044ce292a427afaf6db8ecc08227978397b

      SHA256

      f397b6c7171d0b3a33839d4b2630e211aec0a5cf280385b4aeeddda7814867f5

      SHA512

      a9faa22203cfa2187af6237c66042556fa2c0584820a65d98738df22391426a7667cb1f28ad6598e966b2f076908094ac579fa3d142518bfc652cd6901300f5a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      772507566fa341467bffb6649879b154

      SHA1

      976b43ebb62c2047db849d222ca86fe7fe0b83e9

      SHA256

      0cda19bfec98199e005d2b1448d46b85792bbaa08b5e6209e9d8a47b25b1ed01

      SHA512

      e0c0d42d607a924421e904e97bcc3a0f7bd7c54c08f3328b6b2a8701f78809801b19c8fa67fa045648cab679148aa766007c905f2cf944ebcb54be2383020c4b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b3d92f7c580f99269ee2e84389d57db7

      SHA1

      8e356715fa141a75f8d580ec06e02cd04f08dd9c

      SHA256

      1bcd3d427349c6c1ec752d03897f74928db057c58510adf0e70b043ba5ed3edf

      SHA512

      d30b877708359a3c49164800ccc77df0a548da79a08553534e23f38ba899ad5ebb2831d3a533527429ac1d29a696108cc80769f07bc763e59ad4cddbde4541c3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3b288c6c1a7ca6a3df7d6d009d4c8f51

      SHA1

      f01acec1fbdd9844bc37a01b2af7bc3e67be3594

      SHA256

      cbf938fb86df51080bd62ce94a14b6b8912e1382392e2746f92da6e6154bb2d0

      SHA512

      fd99a484c4b2fac458a31b3c341d2c422b5b8c54f299167910a6b82e55868fc1043b4bb2392e90719c99689be8c04cf5f0280ba4b669d6bf96d80482bc5aa474

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b4d0f4fc2db03de34261dee17abcb49f

      SHA1

      62f7e339b17c1c1960fe14b132d11cefce3e4f78

      SHA256

      a7c55b482408de94c43e4ae6da3fae1fcfd74b73f3ac99f739ab3630e1eac099

      SHA512

      2e9a1a63410745a85f647cf973f1595e27cbae94b6af2bee698a30e476976e3c98eebfe794936b8348c1a92aa5644db454695a64b5001d26bd46c919cea3ac4c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b269f0d8089fdfeebdba4af3d804e30d

      SHA1

      7e580463c7681c1f62637fb27a53bf9f25a51df4

      SHA256

      d7ef3a5c66902b3b433bcb78475b541dbd0c9cd1824c2fc999d7124db876347f

      SHA512

      c1069b522f6b88c8c5a35c9cb97510ab6e8857ed1ccefa57cfce927cba48bbe02841bd78efbd46dde65d0edd9ab7cf02b3045c605e6386d5c62559f01f0b2081

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a93cd9737f20aab0b7d92ef5857ec6d3

      SHA1

      a6ca440b2ad3e2cdc3151bc2b69c681f7c63776a

      SHA256

      c7fa6891ffb2ba65c6282137eca4ef5df7f4b70b047bf0e9795752537a5251b3

      SHA512

      145742930f2e21fc500b19bf4732245b2db029362a805878b545d08247af8246d073f32cb33663caae35791303be3ded7724b80620ef8ead110f84950675132e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a0a1ad782ce1ebbcff013dadc4c3fca7

      SHA1

      d49397524a327badf83b8459bc1fe73a010fd863

      SHA256

      fdc4ffc41ac63b288cfa06bf54d9aeb55a43a1d1f8c1e00c1f37d8a11afee873

      SHA512

      5730a5561e95315703791cf2541b688784a137719aacf5af41d8af0903fa064a946257dceb28baf6ca97f9334acf1037824c5b3488a59b86df6b8ffe90ac84a2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e4a5dc84a1d5878ef95f0ee5c88bf1c9

      SHA1

      4d7d33dd57f90c7e8d22096dcff34800fe8e751d

      SHA256

      098d668953ca5e18c5ed76ed270bdfe28ac6e6f489f84a6dada412942c22dd6a

      SHA512

      48347da03a86687bf57c73c09bbe40e27d206c132e68b5fdcc58c0584ba8f31f07ae4f4ff0c34134147bb0c6c0cd81c2f6ef570ab1209a8c8ed39c6a60fa6986

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d1f6d9f329dc4fbb0a9e77d6ea26ce09

      SHA1

      d86044bcd615e739d33366bf8f30f736126149fa

      SHA256

      ea2186fda90e0173b74f9b4696643722e2cd8d51545acdb22e13c356d6bd65b3

      SHA512

      3bab9b8dc6c57d9f9841199cb142e3c64bf1efe2c5f1e198ef4833a3e29c842a749684c6ca502b39241eb5d86bcf1703953d7a87f329677ff240540ec9928ad7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7d4c3fac2f76374372a4e566b5e30601

      SHA1

      1049e774695fdbf115d866eb659a22e43b96d58e

      SHA256

      ea03f1c4ce0f58ff3aea7f70db7584f327349497868b28c93d84b49519dc0f18

      SHA512

      27adf2865f9a0813a2839467a10f7531d2036abeb66c663622b51f641759afc0fb8227e7d8d5faafdc74d14c3bf5ef2491af98fcd78e054b9302f27fee032e94

    • C:\Users\Admin\AppData\Local\Temp\Cab7ACD.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar7BDA.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2696-20-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2696-16-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2696-18-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

    • memory/2720-6-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2720-9-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2720-8-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB
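The memory-dump names above encode the PID, a sequence number and the dumped address range, and reading them alongside the Downloads list is how an analyst links the two dropped binaries: both PID 2720 (svchost.exe) and PID 2696 (DesktopLayer.exe) have the same 0x400000-0x42E000 image region dumped, and that 184KB mapping is over three times the 55KB the dropped svchost.exe occupies on disk, which fits the UPX signature fired earlier. The script below is an added example, not part of the report: it parses the report's own dump names, groups regions by PID, and applies a size-ratio heuristic whose threshold is the author's choice.

```python
"""Correlate the memory-dump artefacts listed in the report.

Added example. DUMPS is copied from the report's Downloads section; the
55KB disk size is the report's figure for the dropped svchost.exe. The
packed-image ratio is a heuristic chosen here, not a value from the report.
"""
import re
from collections import defaultdict

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

DUMPS = [
    "memory/2696-20-0x0000000000400000-0x000000000042E000-memory.dmp",
    "memory/2696-16-0x0000000000400000-0x000000000042E000-memory.dmp",
    "memory/2696-18-0x0000000000240000-0x0000000000241000-memory.dmp",
    "memory/2720-6-0x0000000000400000-0x000000000042E000-memory.dmp",
    "memory/2720-9-0x0000000000400000-0x000000000042E000-memory.dmp",
    "memory/2720-8-0x0000000000230000-0x000000000023F000-memory.dmp",
]

SVCHOST_DISK_SIZE = 55 * 1024   # dropped svchost.exe, per the report


def parse_dump_name(name):
    """Split a dump name into pid, sequence number, start, end and byte size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    pid, seq = int(m[1]), int(m[2])
    start, end = int(m[3], 16), int(m[4], 16)
    return {"pid": pid, "seq": seq, "start": start, "end": end, "size": end - start}


def size_kb(nbytes):
    """Whole-KB figure as the report prints it (0x2E000 bytes -> 184KB)."""
    return nbytes // 1024


def regions_by_pid(names):
    """Distinct (start, end) ranges dumped from each PID."""
    out = defaultdict(set)
    for n in names:
        d = parse_dump_name(n)
        out[d["pid"]].add((d["start"], d["end"]))
    return dict(out)


def shared_regions(names):
    """Address ranges dumped from more than one PID: the same image mapped
    in several processes, which is what a dropper running its own copy
    (or injecting it) looks like in this listing."""
    owners = defaultdict(set)
    for pid, regions in regions_by_pid(names).items():
        for r in regions:
            owners[r].add(pid)
    return {r: sorted(p) for r, p in owners.items() if len(p) > 1}


def looks_unpacked_in_memory(region_size, disk_size, ratio=2.0):
    """Heuristic only: a mapped image far larger than the file on disk is
    consistent with a runtime unpacker such as UPX. Section alignment alone
    can inflate a mapping somewhat, hence the 2x margin."""
    return region_size >= ratio * disk_size


if __name__ == "__main__":
    for region, pids in shared_regions(DUMPS).items():
        print(f"0x{region[0]:X}-0x{region[1]:X} ({size_kb(region[1] - region[0])}KB) "
              f"dumped from PIDs {pids}")
    main_image = 0x42E000 - 0x400000
    print("packed-image heuristic:",
          looks_unpacked_in_memory(main_image, SVCHOST_DISK_SIZE))
```

The heuristic is deliberately coarse; a proper check would parse the dumped PE's section table for UPX section names and compare SizeOfImage with the on-disk size, which the dump files themselves (not reproduced on this page) would allow.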