Analysis

  • max time kernel: 136s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 16-06-2024 08:37

General

  • Target: b299381016f10dbab1cdbc1b36862b74_JaffaCakes118.html
  • Size: 155KB
  • MD5: b299381016f10dbab1cdbc1b36862b74
  • SHA1: 4bc6be7ac63835d64d843e5feeca8ad7c007c0e9
  • SHA256: 0a382cce316bdf2edf5e02ff5e95daf40c104ac846888ac96b0c97e1f2eb5609
  • SHA512: c1b782e8c75a228a9628719daf6a84886fcc18261699922ccb047520b6f8dc367c8d0c66b8f808944470809b5b1ccc6f82382a86842c57ae576b6b87c5721941
  • SSDEEP: 3072:isNH/J5lTyfkMY+BES09JXAnyrZalI+YQ:is5/J5l2sMYod+X3oI+YQ

Signatures

  • Ramnit

    Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b299381016f10dbab1cdbc1b36862b74_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Users\Admin\AppData\Local\Temp\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1592
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:768
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
              PID:900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275470 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2340

    Downloads
