Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 08:19

General

  • Target

    b28a015f35a352ac1474725cf6e8cc13_JaffaCakes118.html

  • Size

    158KB

  • MD5

    b28a015f35a352ac1474725cf6e8cc13

  • SHA1

    f8cb5b08c893c82355dcf11a1b5a77ade0761c6b

  • SHA256

    aedc689e9d09b0fcae22a7404bf972f9246e30bd6b305859e8ad27db5adca367

  • SHA512

    7aca3337fc404f24ead3c818f4e4e56e15403726d2f4bec07ade4a17e559c5746cdbad65e20efbdb6f488975af6b52451b2f1549becba90153494ffca9b82ee3

  • SSDEEP

    1536:idRT0CnDRh92S0yN/yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:i7lA+N/yfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (2 IoCs)
  • UPX packed file (5 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (12 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b28a015f35a352ac1474725cf6e8cc13_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1732
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:860
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:684
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275477 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1760

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/860-399-0x0000000000400000-0x000000000042E000-memory.dmp (Filesize: 184KB)
  • memory/860-397-0x00000000003C0000-0x00000000003C1000-memory.dmp (Filesize: 4KB)
  • memory/860-395-0x0000000000400000-0x000000000042E000-memory.dmp (Filesize: 184KB)
  • memory/1732-388-0x0000000000400000-0x000000000042E000-memory.dmp (Filesize: 184KB)
  • memory/1732-389-0x0000000000400000-0x000000000042E000-memory.dmp (Filesize: 184KB)