Analysis

  • max time kernel
    136s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 08:12

General

  • Target

    b283fd38ead4dc8ed31c16fee19ff55e_JaffaCakes118.dll

  • Size

    268KB

  • MD5

    b283fd38ead4dc8ed31c16fee19ff55e

  • SHA1

    c11859605f593ca5e050968bed911defc5da1c2c

  • SHA256

    5960119abf005074613a4d286727365fa3599e5d8ecdd1ab64f9d80b285bcaff

  • SHA512

    310097d31aa5638a57d2d2bb128cfff7ea4048520e2a7f92dadeb6a38daf7516a8d84858b6410832f28697f0c24e4d656dd7a046bdeb4887d9fc2a303dc7160b

  • SSDEEP

    3072:5/kTIdXm36Y7KTZgjGYEqINyPJX9tEO9IevqtX7ua5R5WSUgmDQF0EydFIYQ60Fs:5/FYZIN5XevqoXczyrwB04U

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b283fd38ead4dc8ed31c16fee19ff55e_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b283fd38ead4dc8ed31c16fee19ff55e_JaffaCakes118.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2232
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2664
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2356
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (342B; 19 distinct versions of this file were written during the run)
  • C:\Users\Admin\AppData\Local\Temp\Cab8661.tmp (70KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar86F1.tmp (181KB)
  • \Windows\SysWOW64\rundll32Srv.exe (55KB)

  • memory/2232-9-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2232-8-0x0000000000240000-0x000000000024F000-memory.dmp (60KB)
  • memory/2232-14-0x0000000000250000-0x000000000027E000-memory.dmp (184KB)
  • memory/2324-3-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2324-0-0x0000000010000000-0x0000000010045000-memory.dmp (276KB)
  • memory/2324-11-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2664-22-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2664-21-0x0000000000400000-0x000000000042E000-memory.dmp (184KB)
  • memory/2664-19-0x00000000003E0000-0x00000000003E1000-memory.dmp (4KB)