Analysis

  • max time kernel
    130s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 08:00

General

  • Target

    b278b5ec76b38541ee1b44bb3021696b_JaffaCakes118.html

  • Size

    158KB

  • MD5

    b278b5ec76b38541ee1b44bb3021696b

  • SHA1

    4ff4dd03efa10511f8bcca187e46b673864ab2df

  • SHA256

    a77fa49ad3d9b0d563893837207a4a7c8117769a5bfa4b870723e38ef324e70e

  • SHA512

    f779c20c02f8b425fccc6ec0f4da54d5e772b5015880ce1db25d8500dbe80432a589ac86d56800c8174216af0fcaf5595035ceecaf6c45df70298c67732c1d73

  • SSDEEP

    1536:iFRTGHGkdepNaLyqyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:izZpN+yqyfkMY+BES09JXAnyrZalI+YQ

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b278b5ec76b38541ee1b44bb3021696b_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:996
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2236
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2148
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2136
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:896
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:472080 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2300

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      41b7216ba085be87a470ee928502c9e1

      SHA1

      7d10454f233f7745beb37f6f7368bbf31f058fa3

      SHA256

      de1f0b517ce2d8d82c428dc61ccda478a7a1f396f0199a0a900eba0c5619f789

      SHA512

      dad1a21005f7e22a99b90ce17666006e52ee5964ec3832b6f10c73a4e75556b251c3d87ea4a1690ca0cad1dd7684c9aafd347d349980a5a32515958ee18e1d2e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4e438872f1b3bdd37359fea6a51fb9db

      SHA1

      1aae8519484addd99004eacdd01e124c8e6f8f21

      SHA256

      8da585d3c964cf1a721c14ef6c52eb0a4d5707bd72dbe0963a3562ec06938373

      SHA512

      ee5144b87c4dd648eebd87294232ed4018df6a5872fb2973e68e1e162830c09a1110300e2db8773c1ab5a636cfdf76ed2a286ea667f4cbfba9adda54bddc1409

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      40710da802d0abd7f8f76e48df21fbd1

      SHA1

      5a8afe933a00efae87ba2a1d720c6e033d0f0719

      SHA256

      3cbe6a10cfbd2d3f0d48baa065c07112880930027f351a60be7dcecc9975f874

      SHA512

      3d61870d0dc9675f5b5427bad39c5425e6f4ffd608efc4df5b9f3c13a3a6f4076bb551dc6fdf9c5d44e96a45e5e7e31fefa21e91e6672ee99f386c9013998429

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8136133ee5b38561e1c08719d2b55434

      SHA1

      3509991109677dd7c506d2117fa565c786e979cd

      SHA256

      205dc50a0ad7c2c51673211513a85866de929b6aed70fdbd8d6688efd8b1319d

      SHA512

      1fa460aeff313458a67e095b889afbdefb5e43e950180b2e54f2def3656476c51c1de2ae7e39a8d40e889c2a3b1141916551ca3c75747c3ec9ff6c66d9d601f8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      43a179e691618a12a4cfadf2a11c803b

      SHA1

      d8aec1a9aabf672d812ce4ad35717bc296e654ff

      SHA256

      3d88d12b5b84d3382044ffd388a9387873ba501d29356c855a41d0459d5787a5

      SHA512

      004fa3c927dd95c85efb90b9e1f50454b7664060f83d7fa07ee982f8d82a4a766ecb1ae8a3aafd5473be91086de8b1d1c0fb13023f1c5cc7cc01d2bd7755bd32

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9ebe6d8b360330c2832d37518243eacd

      SHA1

      00e85c45de8ebf7b94f629a2374ab3a321c4acd1

      SHA256

      66f740f924e93c686fb21b913140c97eb3877f961fb35336877342f4b95a2a2f

      SHA512

      5d05b0ba0af7ed7aa67b8dd580a7cae76dae8322245abd4efa16ac9728372f224f3a74663b1234a98def856e6dfe2f6a546f90a1a8973963ce6a600e07ad2a87

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      98acd15e3fa399c67f04185fea76dcfc

      SHA1

      2008268ee8bf15f49ff8cabfbed68257cb9e4fe7

      SHA256

      54174d45231eeda0e30b6945abf2ab41a3e7b46eebad3fbcb5137d01b8e5e7eb

      SHA512

      5affb6b938a94acec3bb55bef35584cce6fd142375ea5fdce006980c23babbfa811b49a4342f942e37106bbc49d89d62fdc5cace290fd27aa72236bf56f15002

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6b96187cdbcfb93abcd5860d32d0626c

      SHA1

      20a9ad00ba4bc3f942bc049b6dcf2597abee4211

      SHA256

      62ff29be1e4039429f582a1d6f337d09f6826f89af4b5d989ce830b78140fa2b

      SHA512

      99b81279ae1aa8e90447679f78173149da3c61d915f84423e09ca234a736cd53d6200f088f3c3c4b843cec3ed09244a960984d4c1b13b884d223cca1ec09b857

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      631ba2c111663944b12e8c465f9a24ab

      SHA1

      a74be591b8096caf50cbe9b13301bf99676748c6

      SHA256

      c387ec497f745db1a5b1e70fda8ba85e25ff2f947481788ae5812d5f0f48b902

      SHA512

      eeb6f48e2fc5c62bf7f4e6a4b9ee4962e3b5edd316f44cb24a50a29377372d7ec0c138109e1ba09201562a2ea8e7eac97f2061348de73975579f840457eded61

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      da14d974df8a8468a37dbe434e284ad7

      SHA1

      9d4c0eaab854ce7391407d2eaa371eae3a61894a

      SHA256

      55586837efa243ccb1e410ae86ce91a9e872d985aefaee9b4559de3a5435ca64

      SHA512

      7cabe9a5f255c7957db277d0683495b6121d24c56406f8bd6d4e65b86a29a5b23018d767ebe56bf78b24c894c3fe9a4a3745405255f37b009194b405aa6c6cf3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      299f801c63f038d947761782cf3bf2e3

      SHA1

      68f47e1b5daf8a7fa42bae6d0728295b9e73a8bd

      SHA256

      d310e011621007edc90d286034397ff6f25b36b4c645fe2d96634470e0bda8f5

      SHA512

      320fd68c8991318af582f3b6a6f64b0f2bd0bf9bf716af936c8361b9fe1e1ac73b22cfa53eba3263818c64f2a042fbe49e6213b5e92b8227f4250d7623043ad0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d15406c9e70e02fd110e4061c17d24a2

      SHA1

      dd66e3c53e434255d0274448ebe61f4754276cd2

      SHA256

      b0677f6e5d03c8c81f4a13d5aefaf9eceef3d5d240685e0ae3dd2c77e955792e

      SHA512

      6267c20a9e8072619912c0a54f1c21d70d8ddebf0086824605f8954c3e544e792bc875b1bd59fb417b8a29b34fc29c82822378afbef5b2f78402638de1bef007

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7b13d93b2a63fffdcec63308fbe67fcd

      SHA1

      f7fd69d2189c137f5fe5dac78acbbd3b19c05216

      SHA256

      28a18a957f8fafa9fc721377c78e4f90ddf4b2c9ba1276ea8a55aca088c6f74c

      SHA512

      e3ed0ef17997ba50c41bb17700289cccbd358ccdf9819c51452a296cf405a4eb4ac04a2bdb34b071cc596b8d68d52399659ec8cdb8ed78e040e6400ae466786e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      47fa0961515ebc6423e69bac14606086

      SHA1

      60aee921349adbf1dbb5937509e77a695f7a087c

      SHA256

      1fd470489d3b4cccce55db08033e2e502e5f711bb94f2e05e19cb7c068d05e2b

      SHA512

      9c3c15c474a350c7e6371bf0d3e72a505c59050d00bbb622c6812c98528bb8b763e5aa93afd3513b1ccf3f88f04627a872800da4e99ebe197642640fdebca3e7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      781e9b986caae7be9ad2c2141e39bf91

      SHA1

      673d557461cd0767f1ca8fed1dc6ff71fe93ba3f

      SHA256

      fd93092b6634286b1452a94185b16047cb46d4f8880ad5eb3d4a6e4544e13bcf

      SHA512

      ed8912a2f5ce79b6a12603beef20e1f0f00ef976f783904ad688e7aaf0e60e075c2a99e70c49703dc0410bbf4e9f8c5d1484162e902f85a57245675396ccd3cc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d1b896fd63fea3d2a38d185efe26ef2c

      SHA1

      1ebd5f4e8c50333d79860f1f19a7a9f46e2a8273

      SHA256

      72a7d994645892180c5b993cd28a0d61d832b6f318af5f5aa0e1cc75e9794baf

      SHA512

      f07aafb0ad42dc4f8479989337b3b68fc9741ac430396f92aff42be793ca8bd38ace2fd145695238d5766f153ec2e9698937b6d847a9be8c9345b3f70978d67e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bac0421e6273ede7016a2c0f32280370

      SHA1

      dba9b4bcebbf010c9762eee9d431dcb934c0117e

      SHA256

      a8d74a02812136103a18d815037edbff31d189e6a085f39824b0f08df61349e9

      SHA512

      5ca77dd70aad2b798b98a110658cd88e69f1f113daa56f428739a5785ff8333f7dbb61105f70ff2b29b20004dd13bbd7757cc50a50e70564b49ccf4aea0ad278

    • C:\Users\Admin\AppData\Local\Temp\Cab2898.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Cab2965.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar2989.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\svchost.exe

      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    • memory/2136-494-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2136-492-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

    • memory/2148-490-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2148-483-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

    • memory/2148-481-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

    • memory/2148-480-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB